Fuzzing The State of Go Fuzzing - Did we already reach the peak? During one of the recent working days, I was tasked with fuzzing some Go applications. That's something I had not done in a while, so my first course of action was to research the current state of the art of the tooling landscape. After like a couple of
Exploitation Learning Linux kernel exploitation - Part 2 - CVE-2022-0847 Continuing to walk down Linux Kernel exploitation lane. This time around with an unanticipated topic: DirtyPipe as it actually nicely fits the series as an example.
Exploitation Learning Linux kernel exploitation - Part 1 - Laying the groundwork Table of contents Disclaimer: This post will cover basic steps to accomplish a privilege escalation based on a vulnerable driver. The basis for this introduction will be a challenge from the hxp2020 CTF called "kernel-rop". There's (obviously) write-ups for this floating around the net (check references)
Overview of GLIBC heap exploitation techniques Overview of current GLIBC heap exploitation techniques up to GLIBC 2.34, including their ideas and introduced mitigations along the way
General MISC study notes about ARM AArch64 Assembly and the ARM Trusted Execution Environment (TEE) Disclaimer: These are unfiltered study notes mostly for myself. Guaranteed not to be error free. So if you did land here, managed to get to the end of it and found some mistakes just hit me up, I'd love to know what's wrong :) AArch64 - Preface
Hardware LinkSys EA6100 AC1200 - Part 2 - A serial connection FTW! Last time we left off with a pretty decent understanding of how our router is structured and what components were used. We also found two interesting debug pads that showed oscillating voltages during boot up. In this post, we will take a closer look at exactly these and try to
RE The devil entered the stage! This is a write-up for solving the devils-swapper RE challenge. It was mostly intended for my personal archive, but it may be interesting to all of you. This especially applies if you're still rather new to the whole RE world, as the write-up turned out to be
Hardware LinkSys EA6100 AC1200 - Part 1 - PCB reversing It has been a while since I did some hardware hacking, and this time I want to review the basics. The LinkSys EA6100 router intrigued me since I was only able to find encrypted firmware images (or updates). Known tools like binwalk were unable to unpack the system: > file
Hardware Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.2 Welcome back to part 2.2 of this series! If you have not yet checked out part 1 or part 2.1, please do so first as they highlight important reconnaissance steps as well as the first half of the disassembly analysis! Let's recall the current functionality we
Hardware Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.1 Welcome back to part 2 of this series! If you have not checked out part 1 yet, please do so first, as it highlights important reconnaissance steps! So let us dive right into the IDA adventure to get a better look at how imgdecrypt operates to secure firmware integrity of
Hardware Breaking the D-Link DIR3060 Firmware Encryption - Recon - Part 1 Recently, we came across some firmware samples from D-Link routers that we were unable to unpack properly. Luckily, we got our hands on an older, cheaper but similar device (DIR882) that we could analyze more closely. The goal is to find a way to mitigate the firmware encryption that was
RE What's a bitbang? Note: This is a re-upload of an old write-up. This is another write-up from an interesting little challenge. The original forum post about it can be found here. To get your hands on the challenge I've prepared the base64 text representation of it once again below so you
RE Welcome to the Poly Bomb 💣 Note: Re-write/Re-upload due to dead links This write-up is my thoughts and steps to statically analyze a given unknown binary. I want to understand the binary to a point where I can freely write about it. So here it is. I'm always open to you pointing
RE Reversing and Exploiting Dr. von Noizemans Nuclear Bomb Note: Re-upload due to dead links :) Yo! Life kept me more than busy, but now I've got a little more time on my hands. I decided to do a write-up on the following binary, because it taught me some new things, compared to the easy reversemes I
Fuzzing Fuzzing projects with american fuzzy lop (AFL) Preface This quick article will give a short introduction on what fuzzers are, how they work and how to properly set up the afl - american fuzzy lop fuzzer to find flaws in arbitrary projects. Well known alternatives to afl (for the same or other purposes): * boofuzz: Network Protocol Fuzzing for
General Dissecting and exploiting ELF files Preface Hi folks! For quite some time there was no article from my side. Life kept me busy with all sorts of things, but here is a little something until some cooler project emerges :) . This article will focus on explaining the ELF file format. While this may seem like a
Exploitation Exploit Mitigation Techniques - Part 3 - Address Space Layout Randomization (ASLR) Preface Hey there! I'm finally ready to present you the third installment of the exploit mitigation techniques series. The last two times we talked about Data Execution Prevention and Stack Canaries. Today I want to talk about Address Space Layout Randomization, or ASLR in short. Format-wise, the
Exploitation Exploit Mitigation Techniques - Part 2 - Stack Canaries Preface Hey there! After quite some time the second part will finally be published :) ! Sorry for the delay, real life can be overwhelming... Last time I introduced this series by covering Data Execution Prevention (DEP). Today we're dealing with the next big technique. As the title already
Exploitation Exploit Mitigation Techniques - Part 1 - Data Execution Prevention (DEP) Preface Welcome to a new series about GNU/Linux exploit mitigation techniques. I want to shift the focus to the bypassed techniques to create a series about currently deployed approaches. Afterwards, I'd like to focus on their limitations with a follow-up on how to bypass them with
Exploitation An introduction to printer exploitation Preface Note: As always the following is just a digest of all the things I could observe by working on printers myself or facts from stuff I read about recently. Since this thread about the HP printer promo videos caught some attention I will try to shed some light onto