hacking
-
I went on a small pwning adventure. The course has different modules on program security, and the first module is shellcoding. I’ve always tried to stay away from assembly and shellcoding. I’ve only done one challenge before (refer to a previous blogpost). I remember the first time I had to do this challenge with no…
-
While I was on holiday, I decided to leave my laptop behind (bad decision, always travel with your loved ones). At first, it was fine. However, last minute on the BlackHoodie Discord, I noticed there was a reverse engineering challenge by ProofPoint to win a free malware reverse engineering course by Invoke RE (and a…
-
This is a challenge from the Hack The Box Cyber Apocalypse CTF (2025). The goal of this challenge is to exploit a stack overflow. However, this binary has stack canary protection, so we need to leak the canary in order to avoid this: Stack canaries Stack canaries were implemented to prevent buffer overflow attacks.…
-
This is something I always found voodoo: figuring out how to recognize structures in decompiled binary code. Table of contents Introduction A struct is a data structure in C/C++ that groups variables of different types. I will be using Binary Ninja in this demonstration. I chose libz.1.3.1.dylib and also had access to the source code via…
-
Execute is a pwn challenge that requires us to write shellcode that bypasses the filter check. When we decompile the execute binary, we can see that there is a check function which will compare user input to an array of bad bytes. bad bytes: ;Tbinsh\xf6\xd2\xc0_\xc9flag\x00 The bad bytes represent key parts of shellcode execution, specifically…
-
I recently started learning binary exploitation (pwn), and this challenge introduced me to several key concepts. I found it particularly interesting, so I wrote this blog post to explore the details more deeply and solidify my understanding. Table of contents Introduction Opening up the binary in Binary Ninja, we go through the code to find the…
-
There is no excerpt because this is a protected post.
-
There is no excerpt because this is a protected post.
-
What is an LLM An LLM is a model trained on a large amount of data to predict and generate text, as well as understand words and sentences in context. Some definitions of LLM lingo Transformer: A deep learning architecture based on the ‘attention’ mechanism that determines the importance of each component (e.g., words) in…
-
Back in September 2024, I went to Hexacon. This is a security conference organized by Synacktiv, mostly focused on reverse engineering and vulnerability research. This year’s sponsors included, but were not limited to: This is the time when major companies and independent security researchers present their discoveries, whether from this year or the previous one. Some highlight…
