Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing

Fuzzer Development 3: Building Bochs, MMU, and File I/0

Fuzzer Development 2: Sandboxing Syscalls

Fuzzer Development 1: The Soul of a New Machine

Escaping the Google kCTF Container with a Data-Only Exploit

PAWNYABLE UAF Walkthrough (Holstein v3)

Fuzzing Like A Caveman 6: Binary Only Snapshot Fuzzing Harness

Fuzzing Like A Caveman 5: A Code Coverage Tour for Cavepeople

CVE-2020-12928 Exploit Proof-of-Concept, Privilege Escalation in AMD Ryzen Master AMDRyzenMasterDriver.sys

Fuzzing Like A Caveman 4: Snapshot/Code Coverage Fuzzer!

Fuzzing Like A Caveman 3: Trying to Somewhat Understand The Importance Code Coverage

The Summer of PWN

HEVD Exploits -- Windows 10 x64 Stack Overflow SMEP Bypass

CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys

HEVD Exploits -- Windows 7 x86 Use-After-Free

HEVD Exploits -- Windows 7 x86 Non-Paged Pool Overflow

HEVD Exploits -- Windows 7 x86 Integer Overflow

Fuzzing Like A Caveman 2: Improving Performance

Fuzzing Like A Caveman

HEVD Exploits -- Windows 7 x86 Uninitialized Stack Variable

HEVD Exploits -- Windows 7 x86 NULL Pointer Dereference

HEVD Exploits -- Windows 7 x86-64 Arbitrary Write

HEVD Exploits -- Windows 7 x86 Arbitrary Write

HEVD Exploits -- Windows 7 x86-64 Stack Overflow

HEVD Exploits -- Windows 7 x86 Stack Overflow

Image-Based C2 Channel Proof-of-Concept

Making Gnome Terminal Look Like XTerm

Creating Win32 ROP Chains

Win32 Reverse Shell Shellcode

Baby's First Win32 Shellcode Part 2

Baby's First Win32 Shellcode

Creating a Rootkit to Learn C

Eight Certs in 18 Months, Lessons Learned

CTP/OSCE Prep -- Wrapping Up Our Prep

CTP/OSCE Prep -- Xitami Webserver 2.5 SEH Overflow With Egghunter

CTP/OSCE Prep -- Easy File Sharing Web Server 7.2 SEH Overwrite

CTP/OSCE Prep -- Offset Helper for CTP

CTP/OSCE Prep -- 'HTER' EIP Overwrite with a Twist

CTP/OSCE Prep -- 'LTER' SEH Overwrite v2.0!

CTP/OSCE Prep -- A Noob's Approach to Alphanumeric Shellcode (LTER SEH Overwrite)

CTP/OSCE Prep -- 'LTER' SEH Snafu! and EIP Overwrite Success

CTP/OSCE Prep -- 'GMON' Egghunter With Character Restrictions

CTP/OSCE Prep -- 'GMON' Egghunter Exploit in Vulnserver

CTP/OSCE Prep -- 'GMON' SEH Based Overflow in Vulnserver

CTP/OSCE Prep -- Boofuzzing Vulnserver for EIP Overwrite

SLAE x86 Review

SLAE Assignment 7 -- Custom Crypter

SLAE Assignment 6 -- Polymorphic Shellcode

SLAE Assignment 5 -- MSF Analysis

SLAE Assignment 4 -- Encoder

SLAE Assignment 3 -- Egg Hunter

SLAE Assignment 2 -- TCP Reverse Shell

SLAE Assignment 1 -- TCP Bind Shell

WAPT/eWPT Review

PWK/OSCP Review