Hey. Today I’ll talk about the main subject of my first chapter in binary exploitation. I’ll talk about how unserialize works in PHP and think about some ways to exploit that to be able to do ROP with a use-after-free. What’s unserialize? unserialize() is a PHP function used to transform a string into various …
Hi everybody, as I said previously, my first goal with that category is to be able to exploit an unserialize bug using a use-after-free attack. Doing a double free on a fastbin is similar to a use-after-free since it allows two objects to have the same address, so we can overlap structures to be able …
Hello, today I’ll get back to my [bin] series and talk a little bit more about use-after-free, the vulnerability I’m focusing on because it could be a great way to merge two subjects I like (binary exploitation and web), once I master the exploitation process of these vulnerabilities. I probably won’t be able to exploit …
Hey, it’s me again. Let’s continue our last article. What I’ll try to do today is talk about the tls_dtor_list, which is the list of functions that get executed during the exit mechanism of a glibc program. This quick article is kind of an issue report and not really an advancement, but since I learned a …
Hey, let’s keep going on our exploitation journey by talking about off-by-one. I’ll quickly speak about stack-based off-by-one and heap-based off-by-one. It is a subject I understand but never really scratched the surface of, even though I have already exploited stack off-by-one vulnerabilities before. What is an off-by-one? An off-by-one, if I had to …
Hey, today I’ll go a little bit further into my introduction to the heap and hopefully finish the allocation subject I started. Last time I was able to understand roughly how an allocation works (syscall usage, arena creation and distribution depending on threads); let’s continue. By the way, since it is the 32nd article, I think …
Hey. Today I’ll still bore you with computer security and talk about a subject I have really wanted to learn for a while (over 2 years now) but never managed to find either the time or the motivation to get started. I’ll talk about the heap and how it works; the objective of the next subjects will …