tl;dr - fuzzy
is a "super secure parsing engine" that includes a histogram function. The histogram of ASCII text uses a buffer on the stack, but it will increment
buckets past the end of the buffer if non-ASCII text is provided, allowing us to
ROP. Binary and exploit available here.
Cross …
Recent articles
Ghost in the Shellcode 2014 -
gitsmsg
tl;dr -
gitsmsg
is a messaging server. A heap overflow led to arbitrary read/write and eventual code exec after circumventing RELRO. Binary and exploit available here. Cross post from PPP blog.
The program
First, we reverse engineered much of the binary. You "login" as a user, then can compose …
Introduction to return oriented programming (ROP)
A brief introduction to Return Oriented Programming (ROP) exploits.
A brief introduction to x86 calling conventions
To support some of my other tutorials, I prepared a brief introduction to x86 calling conventions.
Introduction to format string exploits
A brief introduction to format string exploits.
PicoCTF Videos
For PicoCTF this year, I made some slides and recorded some video tutorials.
Exploiting a Go Binary
Earlier this year, tylerni7 showed us a proof of concept for a 32-bit Go exploit using this issue. geohot and I had a wager over who could get the first remote code execution on play.golang.org: he won, but just barely ;-). Props also to ricky for helping to find the underlying cause and writing the patch. Here is a summary of how we did it.
Pai Mei on Mac OSX 10.8
Pai Mei is an open-source Windows reverse engineering framework. At one point it was ported to Mac OSX, but the project is not very actively maintained and the current instructions are quite lacking. This post hopes to offer some guidance and reduce some of the frustration involved in installing …
Securing and Exploiting Go Binaries
I have spent some time over the past month or so trying to use Go binaries in a secure manner and trying to exploit Go binaries, and I thought it would be useful if I talked a little bit about my journey.