Category Archives: Uncategorized

Windows 7 x64 Kernel Exploitation – Stack Overflow (3/3)

In this (short) post, we will explore triggering a stack overflow vulnerability in the kernel. This is a classic exploitation case. The Vulnerability: TriggerStackOverflow Similar to the last post, we first inspect the vulnerable function in code. This is a … Continue reading


Windows 7 x64 Kernel Exploitation – Arbitrary Write (2/3)

In this post, we will dive into an actual example of exploitation, against an arbitrary write-what-where vulnerability. The Vulnerability: TriggerArbitraryOverwrite The vulnerability we are exploiting is within the TriggerArbitraryOverwrite function. In source code, we can see this in the “TriggerArbitraryOverwrite” function, … Continue reading


Windows 7 x64 Kernel Exploitation – Setup (1/3)

Several months ago, I took a short sojourn into the world of Windows Kernel exploitation, based on the work of hacksysteam and their excellent HackSys Extreme Vulnerable Driver (github here). I learned some things, and built a short community presentation … Continue reading


Technique – Dumping ELF from Format String

Last week, during the SharifCTF competition, I attempted to solve the pwn150 and pwn300 challenges, but was unable to solve them before they went offline. Upon review, these challenges were intended to be solved as blind format string “dump-and-exploit” challenges, … Continue reading


Writeup – For2 (Google)

This weekend, I participated in the Google CTF. This CTF was a lot of fun, forcing participants to learn lots of Google-specific technologies, providing a wide range of challenging content for people. One particularly interesting challenge was For2: the challenge … Continue reading
