Windows Kernel Exploitation – HEVD x64 Use-After-Free
This part will look at a Use-After-Free vulnerability in HEVD on Windows 11 x64.
14Jul
10Jul
Windows Kernel Exploitation – HEVD x64 Type Confusion
In the last post, we looked at a Stack Overflow in HEVD on Windows 11 x64, now are going to continue with a Type Confusion Vulnerability.
02Jul
Windows Kernel Exploitation – HEVD x64 Stack Overflow
After setting up our debugging environment, we will look at HEVD for a few posts before diving into real-world scenarios. HEVD is an awesome, intentionally vulnerable driver by HackSysTeam that allows exploiting a lot of different kernel vulnerability types. I think this one is great to get started because...
01Jul
Windows Kernel Exploitation – VM Setup
In this series about Windows kernel exploitation, we will explore various kernel exploit techniques & targets. This short first part will deal with the VM setup for the rest of the series.
14Jun
Bypassing DEP with VirtualProtect (x86)
In the last post we explored how to exploit the rainbow2.exe binary from the vulnbins repository using WriteProcessMemory & the "skeleton" method. Now we are going to explore how to use VirtualProtect and instead of setting up the arguments on the stack with dummy values and then replacing them, we...
12Jun
Bypassing DEP with WriteProcessMemory (x86)
In this post I will show an example on how to bypass DEP with WriteProcessMemory. This is a bit more complicated than doing it with VirtualProtect but nonetheless an interesting technical challenge. For the target binary I will use rainbow2.exe from my vulnbins repository.
16Jan
Lab – Rainbow Walkthrough
Rainbow is a medium difficulty machine that involves a SEH-based buffer overflow for user and a UAC bypass for root.
25Sep
SEH Based Buffer Overflow with Space Limitations – Kevin @ PG Practice
We are solving Kevin, an easy-rated Windows machine on PG Practice that involves a SEH Based Buffer Overflow.
09Sep
SEH Based Buffer Overflow & DLL Hijacking – UT99 @ PG Practice
We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an SEH based buffer overflow. And to make it a bit more fun we'll do that one manually instead of just firing some exploit from exploitdb. Then for root, we will...
08May
Vim RCE & OpenBSD Binary Exploitation – Attended @ HackTheBox
We will solve Attended, a 50-point machine on HackTheBox. For user, we will be sending some emails back and forth and then append a payload that exploits a Vim RCE, followed by adding a malicious ssh config. For root, we will exploit a custom OpenBSD binary that is used as...