Introduction I am currently working through my OSCE prep material that I have gathered over the past few months, mainly generated after reading reviews and talking to friends who have taken the course. Without giving away any spoilers or specific information about the labs or the exam, I was able to highlight some key areas…
Introduction It was a cold Sunday evening, and I was doing nothing but afk’ing cannonballs on OSRS (shout out to @TimGMichaud) when I had an urge to make something. I was thinking about a conversation I had on Friday with Sion (fellow colleague/hacker friend) about methods of dropping malware, communicating with C2’s, how implants go…
Introduction During my prep for OSCE, my first goal was to learn to create a bind shell in x86, written from scratch. As we know, or may not know, a bind shell does what it says in the name. It binds a shell. Unlike a reverse shell, the process sets up a listener on the…
I passed my OSCP in June 2018, so this post is a little late. But honestly, I figured everyone else writes one almost immediately, fuelled by the joy/sadness of receiving the email from OffSec. I did think about writing one straight away but I didn’t really know how it would differ to anyone else… “I…
Intro I finally had some time to get back to Billy’s ARM exploitation challenges found on his github (https://github.com/Billy-Ellis/Exploit-Challenges). Until now, I have only really focused on the stack based vulnerabilities so I wanted to try some of his Heap based challenges. This post covers my approach to completing his ‘Heap Level 1’ challenge. The…
Initial finding Disclaimer: This information was found during a pen-test on a client. For that reason, my explanations and examples will be very vague and contain no sensitive information relative to the target but it will be kept close to the actual finding. If you’re not sure what XXE is, please refer to OWASP’s wiki…