Collaborate Disseminate
The classic malloc overflow, of overwriting pointers in a free chunk, to cause free() unlink to overwrite an arbitrary location with an arbitrary value, is no longer possible with modern glibc (although, other, more complicated attacks are… Continue reading How does glibc prevent malloc unlink exploits?
I wrote the following:
#include <stdio.h>
int win(){
printf("Won!\n");
return 0;
}
int vulnerable(){
char buffer[20];
memset(buffer, 0, 10);
printf("Input: ");
read(0, buffer, 100);
if… Continue reading 64 Bit ELF Buffer Overflow Not working possibly due to if statement
In September 2021 Black Lotus Labs (BLL) posted a blog entry discussing a payload loader that was:
written in Python
compiled to an ELF exe using PyInstaller in Debian in WSL
and "injected into a running process using Windows API cal… Continue reading How can an ELF binary call a Windows API from WSL(2) to deploy a payload?
I know the wording might be off so bear with me a minute to explain what I’m trying to find:
If you never touched the topic, you start off with stack buffer overflows, then you learn about ret2libc, nop sleds and some other stuff. Then com… Continue reading What are the latest techniques/advances in binary exploitation? Conversely, latest advances in defending against them?
Dangling pointer(heap)
Use After Free(heap)
Double Free(heap)
Off by one(stack)
Integer Overflow(stack)
Unused Variable(stack and heap)
underrun(stack and heap)
race condition(stack and heap)
From what I’ve seen unused variable and under… Continue reading What are some exploitable memory corruption attacks I have not listed?
I’m starting to learn about binary exploitation and 0day development. I have learned about stackoverflows, ASLR, DEP, stack cookies and so on… But then I came across this video:
https://www.youtube.com/watch?v=o_hk9nh8S1M
I was very moti… Continue reading Future of binary exploitation
The majority of my cyber security background comes in the form of web application vulnerability testing, and whilst I do have a degree of prior experience in studying and performing application exploitations it has been several years since… Continue reading Are buffer overflow and similar attacks still possible?
I noticed that most exploit development online resources are about fuzzing and exploiting different flavors of buffer overflow. The problem with that is that most CVE are not necessarily related to buffer overflow.
So my question is : are … Continue reading What are the different specialties in exploit development/research [closed]
I am solving behemoth0 and have successfully reverse engineered and understood how the program works. Here is my exploit for the vulnerable program.
#include <iostream>
#include <string>
#include <cstring>
int main() {
… Continue reading OverTheWire: Piping the password into a vulnerable program does not escalate privilege
Are there any currently known working proof of concept for ZDI-21-341
ZDI-CAN-12060?
Resources:
https://www.zerodayinitiative.com/advisories/ZDI-21-341/
https://vulners.com/zdi/ZDI-20-126
Continue reading Proof of concept for ZDI-21-341 ZDI-CAN-12060