Recent Posts

HTB Fatty Writeup by Immo

The box was rated as insane and required us to grab a client and information from an anonymous FTP server, modify the Java client to exploit lacking server-side validation, exploit Java deserialization, and exploit a careless administrator who periodically pulls log archives from within Docker containers and extracts them. All in all this box was quite entertaining but not necessarily insane. Rather it mostly was just time-consuming.

HTB Dream Diary Chapter 1 Writeup by FizzBuzz101

Now that Dream Diary: Chapter 1 has finally retired, here is my writeup for it. This problem along with Chapter 2 were perhaps the 2 heap challenges I solved over a year ago that helped me start to understand heap pwn, and also inspired me to develop Dream Diary: Chapter 3 down the road.

HTB Cascade Writeup by dmw0ng

Cascade is a medium difficulty Windows machine that requires a lot of enumeration. Credentials can be found in different places, and one set is decrypted by reversing an application. For the final privilege escalation we abuse an Active Directory feature using deleted objects.

ret2csu ARM 32bit by gbyolo

In this post I’ll show you how to port the ret2csu technique to ARM binaries. This technique allows full ASLR bypass using ROP gadgets inside the binary only. We will see that it also turns out to be a very effective technique to easily chain ROP gadgets.