hacking
-
Why am I suddenly running to so much malware online? Is there something that’s changed, really? Am I… vulnerable? 🥺 Anyway, I mistyped an airline that I am flying with, and of course I came across malware. I think big companies should think about this in advance and buy similar named domains, potential typos and…
-
Soooo when I go to Spain, I like to treat myself. One thing in particular is to get my nails done. As I was preparing for my trip, I decided I’d book an appointment at the nail salon I usually go to. To my surprise, the website showed a weird page. Discovery (I can’t explain…
-
This post documents my first hardware hacking project: dumping the firmware from a Reolink E1 Pro security camera. Just to be clear, I was (and still am) a complete beginner when it comes to hardware hacking. I did this together with my roommate, who had slightly more experience than me and already owned some basic…
-
Up until now (except an attempt to rev a Rust pwn challenge that I immediately stopped), I’ve been reverse-engineering C compiled binaries. Until recently, I haven’t really been exposed to C++ compiled binaries. In order to get a better understanding, it’s essential to understand the differences between C & C++. C vs C++ comparison C++…
-
I went on a small pwning adventure. The course has different modules on program security, and the first module is shellcoding. I’ve always tried to stay away from assembly and shellcoding. I’ve only done one challenge before (refer to a previous blogpost). I remember the first time I had to do this challenge with no…
-
While I was on holiday, I decided to leave my laptop behind (bad decision, always travel with your loved ones). At first, it was fine. However, last minute on the BlackHoodie Discord, I noticed there was a reverse engineering challenge by ProofPoint to win a free malware reverse engineering course by Invoke RE (and a…
-
This is a challenge from the Hack The Box cyber apocalypse CTF (2025). The goal of this challenge is to exploit a stack overflow. However, this binary has stack canaries protection so we need to leak the canary in order to avoid this : Stack canaries Stack canaries were implemented to prevent buffer overflow attacks.…
-
This is something I always found voodoo, figuring out how to recognize structures in decompiled binary code. Table of contents Introduction A struct is a data structure in C/C++ that groups variables of different types. I will be using BinaryNinja in this demonstration. I chose libz.1.3.1.dylib and also had access to the source code via…
-
Execute is a pwn challenge that requires us to write shellcode that bypasses the filter check. When we decompile the execute binary, we can see that there is a check function which will compare user input to an array of bad bytes. bad bytes:;Tbinsh\xf6\xd2\xc0_\xc9flag\x00 The bad bytes represent key parts of shell code execution, specifically…
-
I recently started learning binary exploitation (pwn), and this challenge introduced me to several key concepts. I found it particularly interesting, so I wrote this blog post to explore the details more deeply and solidify my understanding. Table of contents Introduction Opening up the binary in binaryninja, we go through the code to find the…