Following a previous post on ARM exploitation, this post walks through extracting and analyzing modern IoT firmware to discover a previously unknown vulnerability. We then construct an ARM ROP chain that bypasses ASLR without an address leak to achieve unauthenticated RCE. ...
From vulnerability to exploit - this post explores the journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http. ...
A couple of weeks ago my friend Sir_X told me about a heap challenge he was working on. Since I still have much to learn in this area, I decided to join him. Like most challenges of this kind, the journey was challenging but ultimately rewarding. ...
Ever since I got into security, kernel exploitation has fascinated me. So for my bachelor’s thesis, I finally decided to take a first dive into this deep and complex field - one that always seems to have more layers to uncover. ...
Last weekend I took on snakeCTF 2024 Quals. As I’m still focused on improving my binary skills, I decided to go for a reverse engineering challenge called Funtran. It certainly kept me busy for some hours and reminded me that paying attention in maths every now and then was worth it. :) ...