Syscalls - Messing with Shellcode and Seccomp Filters

I’ve decided to work on my binary exploitation skills lately so I went after some pwn challenges. Syscalls from this year’s UIUCTF was one of them. I learned a ton from it and figured it might be worth sharing. ...

July 25, 2024 · 13 min · 2680 words · born0monday

Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses to gain RCE

As part of a security research, my collegue parzel and I examined the commercial and open source spam filter appliance MailCleaner. It turned out that the software was not fully aware of the flexibility offered by email address specifications, and as a result, we found an RCE that could be triggered by sending a malicious email. ...

June 7, 2024 · 1 min · 62 words · born0monday