02 Jan 2019
In this challenge, we had to obtain remote code execution, simply by
exploiting a 1-day bug that forgot the difference between -0 and
+0. This has probably been one of the most difficult, fun, and
frustrating bugs I have ever exploited.
Read more...
02 Jul 2017
To either solve an RE challenge, or to be able to pwn it, one must
first analyze the given binary, in order to be able to effectively
exploit it. Since the binary might possibly be stripped etc (found
using file) one must know where to begin analysis, to get a foothold
to build up from.
Read more...
04 Jun 2017
Return Oriented Programming (ROP) is one of the classic exploitation techniques, that is used to bypass the NX (non executable memory) protection. Microsoft has incorporated NX as DEP (data execution prevention). Even Linux etc, have it effective, which means that with this protection, you could no longer place shellcode onto heap/stack and have it execute just by jumping to it. So now, to be able to execute code, you jump into pre-existing code (main binary,...
Read more...
07 Apr 2017
Of course, when programming, all of us use abstractions, whether they
be classes and objects, or functions, or meta-functions, or
polymorphism, or monads, or functors, or all that jazz. However, can
we really have such a thing during exploitation? Obviously, we can
exploit mistakes that are made in implementing the aforementioned
abstractions, but here, I am talking about something different.
Read more...
01 Apr 2017
If a memory region (or file or any other resource) is accessed twice
with the assumption that it would remain same, but due to switching of
threads, we are able to change the value, we have a race condition.
Read more...