Posts

CVE-2024-31227: Finding a DoS Vulnerability in Redis

A case study on advanced fuzzing techniques for network services.

Dynamic and Static Analysis for APKs

Leveraging static and dynamic analysis feature sets for comprehensive APK analysis.

Writeups

master

pwn,

heap,

rev,

web

Initial Access via LFI, Privilege Escalation via Heap Exploitation.

uaf-22.04

pwn,

heap

Use-After-Free on Ubuntu 22.04, Bypassing Safe-Linking.

uaf-20.04

pwn,

heap

Use-After-Free on Ubuntu 20.04.

overflow-22.04

pwn,

heap

Heap Overflow on Ubuntu 22.04, Bypassing Safe-Linking.

overflow-20.04

pwn,

heap

Heap Overflow on Ubuntu 20.04.

school

pwn

Back to the basics.

git it, GOT it, good!

pwn

Overwriting GOT to get a shell.

gimbal

pwn

Keeping it steady.

boffin

pwn

Buffer overflow challenge.

postage

rev

Speedy mail delivery.

labyrinth

rev

It's a-maze-ing how deep the rabbit hole goes.

heterograms

rev

Are you repeating yourself?

hand rolled cryptex

rev

Watch your file descriptors!

dora

rev

Swiper, no swiping!

bridge of death

rev

What is the air-speed velocity of an unladen swallow?

ping me

web

OS Command Injection.

nevernote pickle

web

Python pickle RCE.

nevernote csp

web

Reflected XSS leaking admin cookies.

log me in again

web

Time-based blind SQLi leading to database dump.

inclusion

web

PHP filter abuse for LFI.

go here 4 shell

web

PHP filter abuse leading to RCE.