I decided to give a decent test to the LIEF project. Executable parsers are not a new thing (pyelftools, pefile, etc…) but that one piqued my curiosity (just like most Quarkslab projects) because it …
Back again to modern Windows kernel exploitation! After understanding how to build shellcodes for Windows 64-bit and applying this knowledge on a trivial kernel stack overflow vulnerability we are rea…
Hi there ✋ This post is the third chapter of this series, where we dive into the Windows kernel. The previous posts introduced respectively how to painlessly set up a Windows exploit lab, then how to creat…
Info A few weeks ago, I came across a GitHub repository created by @5aelo for people wanting to have a bit of ARM fun. I had recently spent some time adding new features and perfecting old ones…
Even though well known methods exist to bypass ptrace deactivation on a process when spawning (fake ptrace() preloading, breakpoint on ptrace(), etc…), it is trickier when the process is already protecte…
Sometimes life gives you eggs for free, you just need to spend some time making an omelet. That’s exactly what happened to me on a recent engagement for a client: a typical PHP webapp full of holes le…