Posts by Category
- Binary Exploitation 23
- HTB 16
- Pwn 9
- Offsec 9
- Exploit-Development 9
- Windows-Exploitation 9
- Vulnserver 9
- Exploit Development 5
- Blog 3
Binary Exploitation
ROP Emporium - callme (32 bit)
Solution for callme x32 from ROP Emporium
ROP Emporium - callme (64 bit)
Solution for callme x64 from ROP Emporium
ROP Emporium - split (64 bit)
Solution for split x64 from ROP Emporium
ROP Emporium - split (32 bit)
Solution for split x32 from ROP Emporium
ROP Emporium - ret2win
Solution for ret2win from ROP Emporium
protostar - stack 4
Solution for stack four from Protostar in Exploit Education Series
protostar - stack 3
Solution for stack three from Protostar in Exploit Education Series
protostar - stack 2
Solution for stack two from Protostar in Exploit Education Series
protostar - stack 1
Solution for stack one from Protostar in Exploit Education Series
protostar - stack 0
Solution for stack zero from Protostar in Exploit Education Series
phoenix - heap 1
Solution for heap one from Phoenix in Exploit Education Series
phoenix - heap 0
Solution for heap zero from Phoenix in Exploit Education Series
phoenix - format 4
Solution for format four from Phoenix in Exploit Education Series
phoenix - format 3
Solution for format three from Phoenix in Exploit Education Series
phoenix - format 2
Solution for format two from Phoenix in Exploit Education Series
phoenix - format 1
Solution for format one from Phoenix in Exploit Education Series
phoenix - format 0
Solution for format zero from Phoenix in Exploit Education Series
phoenix - stack 5
Solution for stack five from Phoenix in Exploit Education Series
phoenix - stack 4
Solution for stack four from Phoenix in Exploit Education Series
phoenix - stack 3
Solution for stack three from Phoenix in Exploit Education Series
phoenix - stack 2
Solution for stack two from Phoenix in Exploit Education Series
phoenix - stack 1
Solution for stack one from Phoenix in Exploit Education Series
phoenix - stack 0
Solution for stack zero from Phoenix in Exploit Education Series
HTB
HTB - TimeLapse
Writeup for HTB - TimeLapse
HTB - Pandora
Writeup for HTB - Pandora
HTB - Active
Writeup for HTB - Active
HTB - Sauna
Writeup for HTB - Sauna
HTB - Forest
Writeup for HTB - Forest
HTB - RouterSpace
Writeup for HTB - RouterSpace
HTB - Secret
Writeup for HTB - Secret
HTB - Devel
Writeup for HTB - Devel
HTB - Driver
Writeup for HTB - Driver
HTB - Cap
Writeup for HTB - Cap
HTB - Jeeves
Writeup for HTB - Jeeves
HTB - Love
Writeup for HTB - Love
HTB - LaCasaDePapel
Writeup for HTB - LaCasaDePapel
HTB - Legacy
Writeup for HTB - Lame
HTB - Lame
Writeup for HTB - Lame
HTB - Blue
Writeup for HTB - Blue
Pwn
pwnable.kr - shellshock
A simple challenge related to the Shellshock vulnerability
pwnable.kr - mistake
A simple challenge related to file descriptor and file descriptor
pwnable.kr - input
A simple challenge related to bypassing inputs for a binary
pwnable.kr - random
A challenge related to a vulnerability in the rand() function in C
pwnable.kr - passcode
A challenge related to pointers and GOT overwrite
pwnable.kr - flag
A simple challenge related to packers and unpackers
pwnable.kr - bof
A classic buffer overflow challenge
pwnable.kr - collision
A simple challenge related to collision attacks in hashing
pwnable.kr - fd
A simple challenge related to file descriptors
Offsec
How I hacked a company
A simple blog post on my first red team engagement
AMSI Bypass - Memory Patching
A detailed blog about AMSI internals and patching AMSI through memory
LLMNR & NBT-NS Poisoning via Responder
A detailed blog about LLMNR & NBT-NS Poisoning using Responder
HTB - TimeLapse
Writeup for HTB - TimeLapse
HTB - Active
Writeup for HTB - Active
HTB - Sauna
Writeup for HTB - Sauna
HTB - Forest
Writeup for HTB - Forest
HTB - Driver
Writeup for HTB - Driver
Red Teaming - Enumeration
An overview of Red Team enumeration tactics
Exploit-Development
Vulnserver KSTET - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver KSTET using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver GTER using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Egg hunting
A simple walkthrough on Vulnserver GTER using egg hunter and staged exploitation technique
Vulnserver LTER - Bypass Restricted Characters
A simple walkthrough on Vulnserver LTER using encoders to bypass restricted characters
Vulnserver HTER - EIP Overwrite with Character conversion
A simple walkthrough on Vulnserver HTER vanilla EIP overwrite
Vulnserver GMON - SEH Overflow & Stack Pivoting
A simple walkthrough on Vulnserver GMON SEH overflow with stack pivoting
Vulnserver GMON - SEH Overflow & Egg Hunting
A simple walkthrough on Vulnserver GMON SEH overflow & Egg hunting
Vulnserver TRUN - Stack Buffer Overflow
A simple walkthrough on Vulnserver TRUN stack buffer overflow
Vulnserver Setup - Prologue
A simple guide to set up Vulnserver and insight about user land memory
Windows-Exploitation
Vulnserver KSTET - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver KSTET using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver GTER using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Egg hunting
A simple walkthrough on Vulnserver GTER using egg hunter and staged exploitation technique
Vulnserver LTER - Bypass Restricted Characters
A simple walkthrough on Vulnserver LTER using encoders to bypass restricted characters
Vulnserver HTER - EIP Overwrite with Character conversion
A simple walkthrough on Vulnserver HTER vanilla EIP overwrite
Vulnserver GMON - SEH Overflow & Stack Pivoting
A simple walkthrough on Vulnserver GMON SEH overflow with stack pivoting
Vulnserver GMON - SEH Overflow & Egg Hunting
A simple walkthrough on Vulnserver GMON SEH overflow & Egg hunting
Vulnserver TRUN - Stack Buffer Overflow
A simple walkthrough on Vulnserver TRUN stack buffer overflow
Vulnserver Setup - Prologue
A simple guide to set up Vulnserver and insight about user land memory
Vulnserver
Vulnserver KSTET - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver KSTET using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver GTER using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Egg hunting
A simple walkthrough on Vulnserver GTER using egg hunter and staged exploitation technique
Vulnserver LTER - Bypass Restricted Characters
A simple walkthrough on Vulnserver LTER using encoders to bypass restricted characters
Vulnserver HTER - EIP Overwrite with Character conversion
A simple walkthrough on Vulnserver HTER vanilla EIP overwrite
Vulnserver GMON - SEH Overflow & Stack Pivoting
A simple walkthrough on Vulnserver GMON SEH overflow with stack pivoting
Vulnserver GMON - SEH Overflow & Egg Hunting
A simple walkthrough on Vulnserver GMON SEH overflow & Egg hunting
Vulnserver TRUN - Stack Buffer Overflow
A simple walkthrough on Vulnserver TRUN stack buffer overflow
Vulnserver Setup - Prologue
A simple guide to set up Vulnserver and insight about user land memory
Exploit Development
GOT Overwrite
A simple explanation of GOT Overwrite in GDB debugger
Return To LIBC Attack (ret2libc)
A detailed explanation of ret2libc attack and how it can be used to bypass ASLR and NX bit
Buffer Overflow (ret2func)
A detailed explanation of stack buffer overflow in C programs in which we can exploit a buffer space to return anothe...
Format String Vulnerability
A detailed explanation of format string vulnerability in C programs
Exploitation with shellcode
A simple explanation of syscalls and how to craft shellcode with a specific function
Blog
1337UP Live - OptimusPrime
A walkthrough of an OSINT challenge from 1337UP Live 2022
1337UP Live - Liikt#1337
A walkthrough of a misc challenge from 1337UP Live 2022
InCTF Pro 21 Finals - PyJail K8
A walkthrough of a Kubernetes challenge from InCTF Pro 21 Finals