Recent Posts
12 minute read - June 05, 2022
The Timing machine on HTB has some interesting web exploitation paths that reminded me of the OSCP and OSWE course labs. The intended path involves a Local File Inclusion (LFI) vulnerability combined with a File Upload function...
19 minute read - January 24, 2022
The Address Resolution Protocol (ARP) is an essential part of the TCP/IP protocol suite and will remain in common use as long as IPv4 sticks around. It is a very simple protocol and fun to hack with....
10 minute read - September 30, 2021
This third part of our Vulnserver series looks rather easy at first. The buffer overflow can be done without any fuzzing. But once we look at the stack we find our input bytes have been...
16 minute read - September 14, 2021
In the second part of our Vulnserver series we encounter a SEH-based buffer overflow. SEH stands for Structured Exception Handling. The exploitation process is sligthly different...
16 minute read - September 07, 2021
In this first part of our Vulnserver series we will take a look at the TRUN command. It offers a very simple Stack-based Buffer Overflow with a little bit of fuzzing...
5 minute read - September 07, 2021
Vulnserver is a vulnerable TCP socket server written in C. You can use it to practise Windows x86 stack based buffer overflows. The server application offers several different buffer overflows for you to exploit...
24 minute read - December 08, 2020
A sniffer allows you to intercept, log and analyze network traffic. In this tutorial we will build one from scratch in python3, using only standard libraries...
5 minute read - November 07, 2020
PyInstaller allows you to create stand-alone binaries that run on machines that do not have Python installed. On Linux it will create an executable ELF binary. On Windows...