Hack to learn!

While playing some pwn in HackZone CTF, i figured out a new technique for Arbitrary Code Execution only by using the read function from libc.

Read More...

CVE-2019-18276 - Suidbash
28 November 2019

This exploit was initially based on an older vulnerability back in 1999 (suidperl). Now after 20 years in 2019 we found the same vulnerability in bash (CVE-2019-18276) was discovered by Ian Pudney.

Read More...

Memcached Enumeration
4 February 2019

A server cache is an information technology for the temporary storage of data, to reduce server lag. I find a lot of those technologies in my daily work while doing penetration testing. Memcached is one of them and I’d like to talk about it and how to extract informations from it.

Read More...

Sigreturn-oriented programming (SROP) is a exploit development technique used to execute code, this attack employs the same basic assumptions behind the return-oriented programming (ROP) technique.

Read More...

Samba 3.0.0 - 3.0.25rc3 are subject for Remote Command Injection Vulnerability (CVE-2007-2447), allows remote attackers to execute arbitrary commands by specifying a username containing shell meta characters.

Read More...