All Stories

A tale of a restricted charset shellcode generation

During my OSCE exam preparation I had to deal with a shellcode writing experience where very few allowed characters were available.

Create your own telemetry system

In order to monitor dawnscanner security scanner usage, I introduced a telemetry system in the upcoming version 2.0.0.

How an exercise eventually becomes my first public exploit

A couple of days ago, I was working on my exploit-writing routine as preparation for my upcoming OSCE examination.

Backflip into the stack

During my OSCE journey I came across an interesting technique to jump backwards into the very beginning of the buffer injected into the vulnerable process.

A closer look at msf-egghunter

Egghunting is a technique used in exploit writing to deal with evil shellcode to be placed in a memory location different from the one we are redirected to via EIP...

Digging into Vulnserver: fuzzing it

Vulnserver is a Win32 application built to simulate a TCP/IP server listening on port 9999 and accepting commands from unauthenticated clients.