  • Dell KACE K1000 Remote Code Execution – the Story of Bug K1-18652

  • City of Cons: 31C3 Meets BSidesHH

  • Google Bug Bounty: Nice Catch on Google Cloud Platform Live

  • SLAE: Egg Hunters (Linux/x86)


  • [IA2] Free WMA MP3 Converter v1.5 (.wav) Local Buffer Overflow Vulnerability *updated*

    I’ve found a local stack buffer overflow vulnerability in “Free WMA MP3 Converter” version 1.5 which could lead to a remote shell when using the proper shellcode. This exploit is slightly different compared to the others out there: It’s for the newest version and works on Windows XP and Windows 7 x86 and x64 🙂 […]


  • [IA1] GPSMapEdit v1.1.73.2 (.lst) Local Denial of Service Vulnerability

    Here’s my first real application vulnerability :-). Since this is only a small bug with no bigger impact, its severity is therefore considered as “low”. Read full advisory and PoC


  • Buffer Overflow Exploitation: Jump to shellcode via PUSH ESP, RET

    Another possible way to jump to shellcode is using the PUSH ESP, RET technique. If you’ve got no usable CALLs or JMPs to ESP for some reason, you can first use a PUSH ESP to put the address of ESP onto the stack and after that RET that value to the EIP. So this is […]


  • Buffer Overflow Exploitation: Jump to Shellcode via CALL ESP

    In my first tutorial I’ve taken a JMP ESP from some system .dll called WMVCore.dll. Since this isn’t a reliable jump, because the WMVCore.dll might differ from OS version to OS version, it would be more reliable to take one from a loaded application DLL. Those will never change, because they always come with the […]


  • Stack Manipulation Using POP RET

    Exploiting is a very interesting topic and there are many ways of manipulating the stack. One of those ways is using the POP, RET functions. Using the “Free MP3 CD Ripper” – Exploit from my first tutorial, I would like to show how a POP RET is basically working (and displayed in IDA), since these […]


  • Buffer Overflow Exploitation: A Real World Example

    Hello readers again! Since I am still getting deeper into penetration tests in AppSec, it helps quite a lot to write about things to get new ideas and thoughts – so I decided to write a little tutorial on how a buffer overflow basically works using a real world example. There has been posted a […]


  • Hello World


    Welcome to my blog about IT-Security, Vulnerability Researching, Reverse Engineering, Linux, and creativity in general :-). This blog will contain everything the Security-heart loves – enjoy your reading! This site is officially still under construction since I have to test some other plugins to optimize the view and handling of my site. But feel free […]
