Building a Compact XOR Encoder for Shellcode: A Step-by-Step Assembly Guide
If you’ve been through the [Worldmail exploit write-up]({% post_url 2020-05-09-worldmail-exploit %}) or spent any time developing shellcode, you’ve …
If the stack-based buffer overflow is where exploit development starts, Structured Exception Handler overflows are where it gets more interesting. The primitive …
People had warned me. “It’s 9am to 9pm,” they said. “You won’t sleep much.” They weren’t wrong. Three days of Corelan …
BSides London 2014 was a milestone for me. Not because of the conference itself — though it was great — but because it was the first time I’d stood in …
So you’ve worked through the stack overflow. You’ve got EIP control. You’ve confirmed your shellcode executes cleanly in the lab. Then you …
Most people learning pentesting focus on TCP. Makes sense — HTTP, FTP, SMB, that’s where a lot of the action is. But UDP protocols are a different beast, …
If you want to find vulnerabilities in software, fuzzing is one of your best friends. The idea is simple: you throw a massive amount of unexpected, malformed, …
Exploit development has a reputation. People hear “buffer overflow” and assume it’s reserved for the elite — some dark art practiced by a …