Category Archives: Uncategorized

Writeups – rev75, SimplePHP, pwn100 (Bugs Bunny CTF)

This weekend, I participated in the curiously named Bugs Bunny CTF (www.bugsbunnyctf.me). Unfortunately, due to very poor record-keeping (and general incompetence in solving some more interesting challenges) on my part, I am only able to present a few limited writeups. … Continue reading

Posted in Uncategorized | Leave a comment

Windows 7 x64 Kernel Exploitation – Stack Overflow (3/3)

In this (short) post, we will explore triggering a stack overflow vulnerability in the kernel. This is a classic exploitation case. The Vulnerability: TriggerStackOverflow Similar to the last post, we first inspect the vulnerable function in code. This is a … Continue reading

Windows 7 x64 Kernel Exploitation – Arbitrary Write (2/3)

In this post, we will dive into an actual example of exploitation, against an arbitrary write-what-where vulnerability. The Vulnerability: TriggerArbitraryOverwrite The vulnerability we are exploiting is within the TriggerArbitraryOverwrite function. In source code, we can see this in the “TriggerArbitraryOverwrite” function, … Continue reading

Windows 7 x64 Kernel Exploitation – Setup (1/3)

Several months ago, I took a short sojourn into the world of Windows Kernel exploitation, based on the work of hacksysteam and their excellent HackSys Extreme Vulnerable Driver (github here). I learned some things, and built a short community presentation … Continue reading

Technique – Dumping ELF from Format String

Last week, during the SharifCTF competition, I attempted to solve the pwn150 and pwn300 challenges, but was unable to solve them before they went offline. Upon review, these challenges were intended to be solved as blind format string “dump-and-exploit” challenges, … Continue reading
