Collaborate Disseminate
As per the NVD description and the httpd official website, the vulnerability states:
"Serving WebSocket protocol upgrades over a HTTP/2 connection could
result in a Null Pointer dereference, leading to a crash of the server
process, … Continue reading how to exploit CVE-2024-36387 in httpd [closed]
I am learning about shellcode development in C with an example from here. I can compile the assembly code and get de opcodes, also I can run successfully the ELF compiled with NASM, but I get a segmentation fault when I run the C test appl… Continue reading Segmentation fault in C shellcode x64
I am running nmap on an http server, and I got the netty version used by the server.
Netty version used is 9.4.53.v20231009 , I tried to check online for CVEs related to this version, and it seems this versions is not directly linked to CV… Continue reading can vulnerabilities in transitive dependencies be exploitable?
I’m trying to overwrite the return address caused by a buffer overflow. I’ve already calculated the distance between the buffer and the return address. The address that I want to jump to is 0x00005555555314 but every time I try to use \x14… Continue reading Can’t print hexadecimal formatted address in buffer overflow
I have asked this question on The WorkPlace SE site and did not receive any comprehensive answers over there. I have around 10 years of cybersecurity industry experience and have gained proficiency in using MetaSploit framework for automa… Continue reading How can I safely write in my resume that I have written a MetaSploit exploit module without making employers nervous?
It was hard to find papers on the applications of logical paradoxes(such as how Turing’s proof of the halting problem) or automata theory on penetration testing or exploit discovery. What are some projects one could work on to delve furthe… Continue reading What are some applications of automata theory and logical paradoxes on penetration testing and exploit discovery? [closed]
I discovered reading the documentation for int() in python that I could execute operating system commands if something like the following were passed to the int() constructor:
type(”,(),{‘a’:5,’b’:6,’c’:7,’__int__’:lambda x : exec("i… Continue reading Python Code Injection With int()
I am working through this guide and trying to implement a basic x64 buffer overflow on Linux.
I am having an issue whereby if the address I provide is a valid address and points at valid instructions it will not be loaded into RIP (I don’t… Continue reading Overwriting a value won’t load into RIP on x64 Linux
The program I am working with has a POC published for it, but not a full explanation. I have been told by my mentor (I am part of a research program) to disclose as little information as possible about the exploit.
The program is ran on Ka… Continue reading Specifying an integer within the maximum of an unsigned 64-bit integer does **not** cause a buffer overflow
Yesterday I installed ParrotOS and during the install I was given the option:
install automotive exploitation toolkit
After some research, I realized that stuff like that was actually important and often used.
So, the question: What kin… Continue reading What kind of vulnerabilities are found in automotive computer systems? [closed]