This two-part series explores the evolution of exploit development and vulnerability research on Windows- beginning with types and legacy mitigation techniqu...
Gaining code execution with WriteProcessMemory() via ROP and outlining the occasional need for Call-Oriented Programming.
Exploiting page table entries through arbitrary read/write primitives to circumvent SMEP, no-execute (NX) in the kernel, and page table randomization.
Brief introduction to memory paging on Windows 10 x64 to help leverage bypassing SMEP via page table entries.
Exploit Development: Rippity ROPpity The Stack Is Our Property - Blue Frost Security eko2019.exe Full ASLR and DEP Bypass on Windows 10 x64
Reverse engineering BFS’s eko2019.exe application and obtaining an ASLR bypass via an arbitrary read primitive.
Exploit Development: Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP
Revisiting token stealing payloads on Windows 10 x64 and diving into mitigations such as SMEP.
An introduction to exploiting the ability to write data to an arbitrary location.
An introduction to creating a kernel debugging environment with WinDbg and IDA to analyze and exploit a vulnerable kernel driver.
An introduction to utilizing Return Oriented Programming to defeat Data Execution Prevention.
My thoughts on the Cracking The Perimeter course/OSCE Exam and how I came to learn that one must learn to walk before learning to run.
Reusing an existing socket connection to add a buffer of a user defined length.
Exploit Development: 0day! Admin Express v188.8.131.525 Folder Path Local SEH Alphanumeric Encoded Buffer Overflow
A 0day I found in an application called Admin Express, how to, by hand, alphanumerically encode shellcode, align the stack properly, and explaining the integ...
Introduction to SEH exploits and utilizing egg hunters to achieve code execution.
How I went from a naive college kid, who did not know there was more than one distribution of Linux, to an OSCP in less than a year- and debunking the stigma...