Category: Hacking

• WolvSec CTF: pwning canaries

  Another writeup for a pwn CTF challenge! In this challenge, we need to leak the canary value via format strings, and do a buffer overflow to change the return address to the desired function. The buffer for us to overflow is 16 characters long. It first reads in data with a format string, and prints […]

  Chan Jin Hao

  March 29, 2022

  CTF, Hacking

• Bootkits and Rootkits

  A good read that covers bootkits and rootkits, as well as the different variants of such malware. It details how these malware achieves persistence by embedding themselves deep into the boot phase of the machine. Doing so, it will bypass most application level anti-viruses. A Bootkit is a malware to modify the boot process of […]

  Chan Jin Hao

  December 24, 2021

  Hacking

• One Box A Day

  I’m back to Hacking the Box, and my goal is to do one box per day, even if it means looking at write ups. I’m currently subscribed to the VIP membership, and I’m doing the Linux Privilege Escalation Track. Even though I try my hardest for some of the box, I still peek at the […]

  Chan Jin Hao

  November 9, 2021

  Hacking, Life

• HTB: Starting Point

  Going to start some hackthebox to learn more stuff. While I have skills in the detection area, working with Netflow and DNS, I don’t have a strong offensive mindset. Perhaps that will be beneficial, thinking in terms of offense to develop a better defense. Set the ports to scan: ports=$(nmap -p- –min-rate=1000 -T4 10.10.10.27 | […]

  Chan Jin Hao

  September 19, 2020

  Hacking

• Process Injection

  I decided to revisit some fundamental security concepts again, and one of which I used in my previous employment was Process Injection. Process Injection is a technique of running your own code within the address space of another process. The hard part is getting your code in that address space, but there are numerous ways […]

  Chan Jin Hao

  April 5, 2019

  Hacking, Security

  Process Injection