Category: Hacking
-
WolvSec CTF: pwning canaries
Another writeup for a pwn CTF challenge! In this challenge, we need to leak the canary value via format strings, and do a buffer overflow to change the return address to the desired function. The buffer for us to overflow is 16 characters long. It first reads in data with a format string, and prints […]
-
Bootkits and Rootkits
A good read that covers bootkits and rootkits, as well as the different variants of such malware. It details how these malware achieves persistence by embedding themselves deep into the boot phase of the machine. Doing so, it will bypass most application level anti-viruses. A Bootkit is a malware to modify the boot process of […]
-
One Box A Day
I’m back to Hacking the Box, and my goal is to do one box per day, even if it means looking at write ups. I’m currently subscribed to the VIP membership, and I’m doing the Linux Privilege Escalation Track. Even though I try my hardest for some of the box, I still peek at the […]
-
HTB: Starting Point
Going to start some hackthebox to learn more stuff. While I have skills in the detection area, working with Netflow and DNS, I don’t have a strong offensive mindset. Perhaps that will be beneficial, thinking in terms of offense to develop a better defense. Set the ports to scan: ports=$(nmap -p- –min-rate=1000 -T4 10.10.10.27 | […]
-
Process Injection
I decided to revisit some fundamental security concepts again, and one of which I used in my previous employment was Process Injection. Process Injection is a technique of running your own code within the address space of another process. The hard part is getting your code in that address space, but there are numerous ways […]