Posts

I’ve been working through OSED coursework recently, after finding a copy of a pdf floating around on the internet. Since then, I’ve re-written 3 stack overflows and 3 SEH overflows, and they are all available on my github. However, those are sort of simple, since those binaries did not have any memory protections at all. This article covers the struggles in creating my first ROP chain, and how much I learned through it. I completed this on Easy File Sharing Web Server 7.2. It started very simple, but I ended up using my rop chain to build a second rop chain, then jump back to the original chain. There was a total of 4 stack pivots in this exploit, and it felt just as confusing as my first network pivot. ...

I’ve been doing some driver reverse engineering and exploitation since the last webserver. Since then, I have found 4 high severity CVE’s in drivers or programs. These all lead to priviledge escalation from low/medium integrity -> high integrity. This product claims 10 million active users and 500 million downloads, thats hard to beleive though. This shows two seperate privilege escalations in the same exact anti virus. Two entirely different methods, same result. ...

I have started hosting a webserver with ZERO aviability entirely in the kernel. This webpage also includes the capabilities to take any input and put it in the RIP pointer, which will likely bluescreen the webpage. As a result, a button was attached to power cycle this computer. Github project is avilable here, with a short video showing where it is functional. It may not be functional now! There are many scripts that allow this to work. https://github.com/nasawyer7/ripme ...

I began studying for the HTB CDSA (Certified Defensive Security Analyst) exam shortly after completing the CPTS. HTB has proven again and again to be a worthwhile time investment and a quick way to learn. Again, there’s no reason to detail what the exam is. No idea why so many other blog posters do this useless action. I completed 19/20 technical questions of the first incident within the first 8 hours. I never found the last flag; this one will forever haunt me. I was able to write the majority of the report for this section within the second day. It took me another 8 hours to finish finding evidence on the second attack. It took about another 5 hours to finish that report, and I submitted my test with 3 days and 20 hours to spare. The report spanned 49 pages, using the syspreptor template. ...

Recently, I started studying for the CDSA exam, which involves the use of ELK to solve challenges. HTB also created a track to help students prepare for the CDSA exam, featuring 11 challenges. That track is linked here In this post, I will show how to easily ingest and solve one of these challenges using the ELK stack. Preparation To set up elk, I used this wonderful docker elk github available here ...