Windows API Quirks in the Windows IPv6 address parsing and printing APIs I tested millions of string inputs to determine exactly what counts as an IPv6 address in Windows, and in the process found some interesting quirks that could lead to security vulnerabilities in Windows software.
how to DLL injection - Developing a simple injector. DLL injection is the process of forcing a running process to load a DLL (Dynamically Linked Library) of your choice. In this write-up, I'll walk you through the LoadLibraryA injection method. This causes
research Exploiting a Stack Buffer Overflow (ret2libc method) A stack buffer overflow occurs when a program writes to a memory address on its call stack outside of the intended structure / space. In this walk-through, I'm going to cover the ret2libc (return-to-libc)
i didn't hack my christmas tree lights Sometimes you go to Target and fall in love with the most stupid and useless yet incredibly cool product you could buy with the spare $100 you don't really have and sometimes you
Story How I accidentally became a domain broker I buy domains. I buy stupid domains. I buy cheap domains. Put this together, mix it with mild recklessness towards my own finances, and you get hundreds of stupid domains. At one point
how to A 9-step recipe to crack a NTLMv2 Hash from a freshly acquired .pcap 1. Open your .pcap that contains an NTLMv2 hash in Wireshark. 2. Filter by ntlmssp to get the authentication handshake. 3. In this case, we get three packets. Find the NTLMSSP_AUTH
how to Makefiles, but in English: Part 1 Make is intelligent enough to be able to distinguish between them at runtime. But it's probably best to avoid storing different types in a variable.
Biohacking Biohacking: New VivoKey Spark Implant So, I got a VivoKey Spark. No, not a VivoKey Flex. This is a new product from VivoKey, that is currently 100% unreleased. The Spark is similar to the Flex One from VivoKey,
An easier SaltLAN My family does an annual LAN Party and one of the biggest complaints we have is that Steam takes ages to download for everyone. This year things are going to be different. I
RE Reverse engineering a 4 layer PCB, the slow and destructive way Excitement! There was a sketchy padded envelope in the mail today. Where do we go next?
research Phishing/Scam campaign research (ep. 2) I got another email. This one was interesting, the email was the standard "we had a rat on your computer that we used to take dirty pictures of you, give us money or
research ASCII art in hidden places Hiding data in new and interesting places has always been a fun objective for anyone who likes creating and solving challenges. One of the interesting secret hiding places for data I like to
research Phishing/Scam campaign research An email came in that an end user thought was suspicious. The end user passed it up to one of our team members, who then passed it up to me. To
research Access-control exploitation (part 1) One job I was tasked with was getting a fingerprint-based reader tested and operational for demoing our new level of hardware support for more secure facilities, 2 factor physical access control; something you are (fingerprint) and something you know or have. (pin/card)