07 Apr 2017
Of course, when programming, all of us use abstractions, whether they
be classes and objects, or functions, or meta-functions, or
polymorphism, or monads, or functors, or all that jazz. However, can
we really have such a thing during exploitation? Obviously, we can
exploit mistakes that are made in implementing the aforementioned
abstractions, but here, I am talking about something different.
06 Apr 2017
While simple format string vulnerabilities are becoming relatively
less common these days, every once in a while, we come across some
interesting cases in either CTFs or (less likely) real-world programs,
where having a better understanding of how to attack these
vulnerabilities helps immensely.
01 Apr 2017
If a memory region (or file or any other resource) is accessed twice
with the assumption that it would remain the same, but due to switching of
threads, we are able to change the value, we have a race condition.
31 Mar 2017
Amongst the various kinds of heap exploitation techniques, there are 3
that are considered extremely basic, and provide the fundamentals to
understand more complicated heap exploits.