In the previous article, we discussed […] The post CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 2 appeared first on hn security.| hn security
CVE-2024-49138 is a Windows vulnerability detected […]| hn security
In the last part of this […]| hn security
After attending the OST2 – Exp4011 […]| hn security
I’ve spent the majority of the days since watching James Kettle’s talk rewatching it, reading the paper and supporting materials, and hacking away at the Python code. I’ve learned that HTTP De-Sync attacks are highly complex, and they provide a number of challenges. On the other hand, they are incredibly powerful and versatile, and this […]| Sharp Security
Defcon just started publishing this year’s talks on YouTube and it includes an excellent talk by James Kettle on HTTP De-Sync attacks, furthering his research from last year. I found the subject fascinating and highly recommend you check out the talk, paper and corresponding Burpsuite plugins, along with the Portswigger labs to try it for […]| Sharp Security
When researching for another project this week, I came across a couple of CVEs, with no exploits, for Apache’s Any23 service. As I couldn’t find any exploit code online, I decided to try and write my own. One CVE, CVE-2021-40146, is an RCE vulnerability with no exploit code online. Follow the link and you’ll see […]| Sharp Security
Exploit Developer Student – XDS Course Review I first want to thank eLearnSecurity for creating such a course on this topic of exploit development. I have always been a big fan of the Windows operating system. For the past few years, I have spent a lot of time on Windows reverse engineering, Windows internals and […]| 🔐Blog of Osanda
And I’m back with another write-up tracking my progress figuring out all the ways to break vulnserver! This time we will fuzz and break the GMON command. This time we will see that it’s not a classic buffer overflow, but rather a very specific overflow that requires a bit more work to make it work for us. Without going into more detail too early, let’s start fuzzing the application!| anubissec.github.io
This is it, I’m jumping on the bandwagon of documenting my OSCE/CTP prep. Even though blogs like this are plentiful, and certainly will contain a larger wealth of knowledge than what will be found here, I am mainly doing this for my own tracking. I would like to not only see my own personal growth, but I’ve always said to people “If you can teach/explain a topic to someone else, that’s when you know you fully understand it.”| anubissec.github.io
Previous Post in Series:| k3170
This post is part of a series, check out the others in the series here:| k3170
In this post and the others in this series, I will unpack some of the internals to glibc's dynamic heap data structures and associated beasts. This post specifically will start you off with no background insight on the heap (perhaps a little on ELF internals and debugging), and detail some experiments you can perform to learn how the heap works.| k3170
This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:| k3170
In July 2022, I took the SANS SEC 760 class in Berlin. I always promised myself and some close friends to write a review, but I didn’t have the time until the Christmas break. This blog post aims to be a day-by-day review of the SANS SEC760 course content and its CTF, NetWars tournament and […] The post SANS SEC760: Advanced Exploit Development for Penetration Testers – Review appeared first on VoidSec.| VoidSec
Introduction| Arne Swinnen
The following multi-part blog series will cover how I (McCaulay Hudson) developed the mast1c0re exploit on both the PlayStation 4 and PlayStation 5.| McCaulay
Modifying PS2 game save files by creating a PSU file format parser.| McCaulay