A Primer to Windows x64 shellcoding

Continuing on the path to Windows kernel exploitation... Thanks to the previous post, we now have a working lab for easily (and reasonably quickly) debugging the Windows kernel. Let's skip ahead for a minute and assume we control PC using some...

Setting up a Windows VM lab for kernel debugging

This is the first in a series of posts on Windows kernel debugging and exploitation. In this part, we'll cover in detail how to get everything set up using Linux as host, VirtualBox as hypervisor and Windows virtual images from Modern.IE. Note:...

GEF at Black Hat Arsenal US 2017

GEF at Black Hat Arsenal US 2017 I had the privilege to be invited to present my tool GEF at Black Hat Arsenal organized by ToolsWatch in Las Vegas this year. I did prepare a bunch of things for this presentation, including a good polishing of...

Building a Debian Stretch QEMU image for MIPSel

Building a Debian Stretch (9) QEMU image running MIPSel TL;DR Two new images, Debian Stretch on MIPSel and MIPS64el were added to my QEMU image repo The rest of this post explains how I built them. Introduction After releasing the QEMU images...

Some Qemu images to play with

TL;DR Ready-to-play Qemu images for under-rated architectures (ARM, MIPS, PowerPC, SPARC, AARCH64), with all the tools built in to understand memory corruption on non-x86 environments, here. Update (2018/05/15) The Mega.NZ repository...

Insomni'Hack CTF 2017: bender_safer

Insomni'Hack CTF 2017 offered a series of 3 challenges (i.e. 3 different flags) on the same binary, called bender_safe: bender_safe was a Reversing challenge (50 pts) to discover the correct validation sequence; bender_safer (this one) was a...

ARMPWN redux: canary reloaded

TL;DR: It is possible to defeat stack canary protection when a binary is vulnerable to arbitrary file read. Intro First off, Happy New Year 2017 ✌ Recently, I've decided to thoroughly investigate the "Stack Smashing Protection" (SSP) on recent...

TWCTF 2016 - reverse_box writeup

The reverse_box challenge of TWCTF 2016 was a warmup challenge (only 50 points), not really hard. There are plenty of writeups for it, but none of them used the technique I used to solve it in only a few minutes. So I figured I could throw in my 50c …

Ruxmon 08/2016 - Making GDB great again

Ruxmon August 2016: Making GDB great again I did a small presentation last Friday at Ruxmon Melbourne about GDB, its Python API and how it can be used to make awesome new stuff. I also gave demos of my tool gef, an architecture-agnostic...

ARMPWN challenge write-up

Info A few weeks ago, I came across a GitHub repository created by @5aelo called armpwn for people wanting to have a bit of ARM fun. I had recently spent some time adding new features and perfecting old ones in my exploit helper for GDB, gef...