Inicio Ver todas las entradas de Adrián
Archivos del blog

Remote Code Execution in Web.py framework

Posted on 08/11/2014 by Adrián Deja un comentario

Several months ago I happened to be looking at web.py‘s source code when I found an old-style (as in basic) remote code execution in the database module. Fortunately for most users of web.py, the database module is pretty simple and

Read more ›

Tagged with: , , , ,
Publicado en hacking, Programming, web hacking

How Effective is ASLR on Linux Systems?

Posted on 03/02/2013 by Adrián 5 comentarios

Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the

Read more ›

Tagged with: , , ,
Publicado en exploiting, hacking, Linux

XSS killed the anti-CSRF star

Posted on 23/01/2013 by Adrián Deja un comentario

This entry hopes to be a quick consideration about how one attack vector can at times dismantle the security of a different area of the application that was otherwise deemed secure. Truth is, security threats many times work like this,

Read more ›

Tagged with: , , ,
Publicado en web hacking

Calling Conventions Hunting

Posted on 20/01/2013 by Adrián Deja un comentario

When trying to understand a binary, it’s key to be able to identify functions, and with them, their parameters and local variables. This will help the reverser figuring out APIs, data structures, etc. In short, gaining a deep understanding of

Read more ›

Tagged with: , ,
Publicado en Programming, Reverse

SANS HolidayHack Write Up

Posted on 10/01/2013 by Adrián Deja un comentario

During this Christmas break, although I went back to Spain to stay with family and friends I still was able to get some time to look at the SANS HolidayHack 2012 CTF. I must say it has been great fun,

Read more ›

Tagged with: , , ,
Publicado en CTF, hacking, wargame

A very light introduction to packers

Posted on 03/12/2012 by Adrián 4 comentarios

It’s been a long time since I’ve been thinking of writing some posts about packers/crypters/protectors. I’m not sure how many I’ll write; it will probably depend on the interest of the audience. What I do know, is that I’ll try

Read more ›

Tagged with: , , , , ,
Publicado en cracking, Reverse

FormatFactory 3.01 Stack Based Buffer Overflow (SafeSEH bypass)

Posted on 25/11/2012 by Adrián Deja un comentario

Last week I saw this vulnerability disclosed in PacketStorm and I decided to create my own exploits; yeah, boredom is a powerful motivation. Original published exploit wouldn’t work for my system, maybe because it was designed for the German language.

Read more ›

Tagged with: , , , ,
Publicado en exploiting, seguridad, Windows
Archive
Me@twitter