Hi, today a really quick article since I’m totally drowning in E3 announcements, trying to follow the Smash Invitational and so on. Anyway, I’ll talk about installing a proper terminal on Windows and Linux. Choice: For Windows and Linux, we’ll use zsh coupled with “oh-my-zsh”, which is a customized version of zsh adding themes …
Hello, today I’ll get back to my [bin] series and talk a little bit more about use-after-free, the vulnerability I’m focusing on because it could be a great way to merge two subjects I like (binary exploitation and web), once I master the exploitation process of these vulnerabilities. I probably won’t be able to exploit …
Hello everybody, today I’ll try to exploit a fastbin duplication attack. It is an attack that is pretty common in capture-the-flag events these days, if I understand correctly, and it will help me get into heap exploitation. This attack is pretty simple in theory, so it can be easily explained. How does the attack …
Hey, let’s go back to binary exploitation after a quick hiatus. I’ll talk about sigreturn-oriented programming today, or SROP for short. I managed to exploit a challenge using that technique today, and this post will be more or less a summary of what the technique does and what I learned while solving the challenge. …
Hey, it’s me again. Let’s continue our last article. What I’ll try to do today is talk about the tls_dtor_list, which is the list of functions that get executed during the exit mechanism of a glibc program. This quick article is more of an issue report than a real advancement, but since I learned a …
Hey, let’s keep going on our exploitation journey by talking about off-by-one. I’ll quickly speak about stack-based off-by-one and heap-based off-by-one. It is a subject I understand but never really scratched the surface of, even if I have already exploited stack off-by-one vulnerabilities before. What is an off-by-one? An off-by-one, if I had to …
Hey, today I’ll go a little bit further into my introduction to the heap and hopefully finish the allocation subject I started. Last time I was able to understand roughly how an allocation works (syscall usage, arena creation and distribution depending on threads); let’s continue. By the way, since it is the 32nd article, I think …
Hey. Today I’ll still bore you with computer security and talk about a subject I have really wanted to learn for a while (over 2 years now) but never managed to find either the time or the motivation to get started on. I’ll talk about the heap and how it works; the objective of the next subjects will …
Yo, it’s me again. It’s been almost one full month since we started that initiative. Let’s continue our return-oriented programming exploitation. Today we will try to create our ROP chain manually and exploit the same binary. Preparations: I will recompile the binary using a static library to have a lot more gadgets, using the -static …
This article should be pretty easy with what we learned last time, but we could end up being surprised. I’ll try to exploit the same vulnerability, this time using ROP rather than ret-to-libc. What is Return-oriented Programming (or ROP)? Return-oriented programming is an exploitation technique relying on the program’s own code to execute arbitrary …