
Cha1ned’s

Channel address: @cha1ned_channel
Categories: Technologies
Language: English
Subscribers: 131
Description from channel

Channel about binary exploitation (ios / macos / linux)


The latest Messages

2021-07-19 18:19:34 Started my way into Linux kernel exploitation yesterday with a perfect article about character device drivers and some more internals. (The resource seems to be very interesting, I should dig into it)

link: https://linux-kernel-labs.github.io/refs/heads/master/labs/device_drivers.html
#kernel #linux #drivers
2021-07-14 02:04:01 Huh, as promised, I created a write-up for the redpwnCTF 2021 'simultaneity' challenge. Any kind of feedback will be appreciated (because it’s my first writeup lol)

link: https://telegra.ph/Write-up-of-simultaneity-pwn-challenge-from-redpwnCTF-2021-07-13
#heap #scanf #internals #writeup
2021-07-10 18:41:19 While solving one task from redpwn ctf (I’ll create my own writeup later, sure. Task is excellent) I found some amazing writeups that review similar exploitation techniques.

1) Interesting way of exploiting format string bug in binary with disabled PIE: overwriting __do_global_dtors_aux_fini_array_entry to hijack code execution flow.
link: https://ctftime.org/writeup/20796

2) Overwriting __IO_write_ptr and calling exit (forcing exit to call __IO_overflow_t) to leak libc and changing vtable of __IO_file to hijack code execution flow.
link: https://hackmd.io/@ptr-yudai/ByRfC6O_H

3) Discovering .tls segment for exploitation purposes
link: https://fireshellsecurity.team/byte-bandits-look-beyond/

#pwn #heap #tls #IO #format-string-bug #stack
2021-07-10 18:09:21 Detailed research (fork of Google Project Zero’s article) about abusing exit handlers and glibc hooks.

link: http://binholic.blogspot.com/2017/05/notes-on-abusing-exit-handlers.html
#pwn #hooks
2021-07-02 23:08:55 Great writeups of heap ctf challenges from picoctf by Faraz Faith. Techniques covered by this article: unsortedbin attack, tcache poisoning and an unusual way of exploiting fastbindup (overwriting main_arena's wildernesses leads to an arbitrary write primitive). Also some tcache internals are described.

link: https://faraz.faith/2019-10-12-picoctf-2019-heap-challs/
#pwn #heap #fastbindup #tcache
2021-07-02 17:56:33 Interesting fact: using forged IS_MMAPED flag to avoid calloc zeroing out memory leads to heap and libc leak.

link: https://0xpwny.wordpress.com/2019/03/14/bypass-calloc-zeroing-memory/
#pwn #heap #calloc #is_mmaped
2021-06-27 15:50:07 Repository which contains useful pdf files about heap exploitation techniques.

link: https://github.com/bash-c/slides/tree/master/pwn_heap
#heap #pwn
2021-06-22 13:11:40 Pangu exploit analysis for iphone4 on ios 7.1.2 with PoC.
link: https://googleprojectzero.blogspot.com/2018/10/deja-xnu.html

#pwn #ios #integer_overflow
2021-06-21 18:34:02 One of many interesting articles from a collection which reviews booting a compiled XNU kernel for devices with the A4 processor (iphone4)
link: https://www.theiphonewiki.com/wiki/Tutorial:Booting_XNU_on_A4_Devices

#xnu #internals