Home

Oh hey, welcome to the world of Buffer Overflows. Let’s embark on our journey to the world of binaries with the most basic exploits ever - Stack Overflows. We’ll learn a lot of stuff, including totally useless awesome assembly, and how binaries work

In the last tutorial we investigated using assembly for reverse engineering by using IDA to observe the assembly code of the executable. Understanding assembly is incredibly useful and allows one to understand how the internals of the program are working. However sometimes figuring and reversing the logic of the program using just assembly becom...

What is Penetration Testing? Penetration testing or Pen testing is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system’s defenses which attackers could take advantage of. This is like a bank hiring some...

Hacking PCs is so 2000, let’s hack a PS4! Okay, hacking PCs is not so 2000s but still, for my first blog post here I decided to spice things up and show you guys a (now patched) race vulnerability that can be used for a local privilege escalation attack on the PS4 (and also FreeBSD 9 and 12).

Reverse Engineering is one of the most interesting fields in cybersecurity and ethical hacking. Through this post we will try to simplify this field by going through the ideas involved in a step by step manner. We’ll be focussing on simple ELF Linux executables for now and later on we will also investigate reverse engineering windows exe executa...

Welcome to Binary Exploitation or what is popularly also known as Pwning.

Authentication In this section, we’ll look at some of the most common authentication mechanisms used by websites and discuss potential vulnerabilities in them. What is authentication? Authentication is the process of verifying the identity of a given user or client. There are three authentication factors into which different types of authentica...

What is XML External Entity Injection? XXE is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any backend or external systems that the application itself can access. How do XXE Vuln...