2025-01-02 | #exploitation #heap #x86
This ongoing series explores various heap exploitation techniques, from basic concepts to advanced vulnerabilities. Each section covers different strategies for manipulating heap memory to achieve arbitrary code execution and bypass memory protections.
2024-12-21 | #exploitation #heap #x86
This ongoing series explores various heap exploitation techniques, from basic concepts to advanced vulnerabilities. Each section covers different strategies for manipulating heap memory to achieve arbitrary code execution and bypass memory protections.
2024-11-27 | #asm #cve #pwn
Recently, I came across an underflow vulnerability in the open-source project 7-Zip, initially disclosed by the Zero Day Initiative (ZDI) in this advisory. The issue was resolved in version 7-Zip 24.07, and I decided it would be fun and educational to dig into this bug myself. My goal was to identify the vulnerability using fuzzing and debugging tools like AFL and GDB, gaining a deeper understanding of the flaw and its exploit potential.
2024-11-10 | #asm #ctf #pwn
In this post, I walk through the process of exploiting a binary with all mitigations enabled, demonstrating how to bypass protections and gain shell access. Using pwntools, we craft an exploit that jumps to the win() function, ultimately allowing us to take control of the system.
some kernel stuff I did to learn how to debug, exploit, and tackle kernel level vulnerabilites.
2024-08-24 | #exploit #kernel #N-day
In this post, I explore CVE-2017-11176, a Linux kernel vulnerability, applying knowledge from recent courses and research. Using Lexfo’s documentation as a guide, I break down the patch diff, gain a primitive write, and craft a full exploit.
2021-12-29 | #x86
Vulnerabilities were identified in the CoreFTP Server, particularly in its HTTP service, which allows an authenticated user to write files anywhere on the server, bypassing restrictions meant to confine them to their home directory.
