2023-02-13 02:49   Help a newbie find his way in malware development    #[email protected] #安全文章 I'm a computer security enthusiast and aspiring malware developer looking for some guidance and resources. Can anyone point me in the right direction for some free resources to get started with malware development? Bonus points if you can throw in a roadmap for me to follow! Thanks for your help, I

2023-02-09 17:24   Join the ExploitDev - MalwareDev - Reverse Engineering Discord Server!    #[email protected] #安全文章   submitted by   /u/xenonexi [link]   [留言]

2023-02-07 09:05   Fuzzing ATM/POS protocols like a Boss    #[email protected] #安全文章 Generally Buffers overflow family targets common protocols like HTTP,SMB,FTP,… ; indeed there is lack of papers, tools, exploits targeting financial/payment protocols like NDC and ISO8385. In this article I present two fuzzers for the protocols ISO8385 and NDC; hoping that it will help other securit

2023-02-06 22:08   ExploitDev, Malware & Reverse Engineering IRC    #[email protected] #安全文章 Hey guys! I've got an idea. As you all know ExploitDev, MalwareDev and Reverse Engineering aren't easy fields to get into for newcomers. While there are at least some ressources (CTFs, Pwn College, etc) out there, its still a quite complicated, niche field. May newcomers like myself get overwhelmed

2023-02-06 05:46   Exploit Education's Phoenix Stack Four Challenge Writeup    #[email protected] #安全文章 Hi everyone, I have just released the writeup for Exploit Education's Phoenix Stack Four challenge. Any reactions & feedback would be most welcome. Thanks in advance! https://medium.com/@secnate/phoenix-challenges-stack-four-6366b29a1223   submitted by   /u/ProgrammingBro123 [link] &

2023-02-05 09:51   Looking for an ExploitDev Mentor!    #[email protected] #安全文章 Hey guys! Im a somewhat expercienced programmer, fluent Python, C and Ruby, just getting into Assembly as well. i've got some experience in hacking in general and have been using linux as my main OS for several. I wasnt sure where i want to go for the longest time, but ive decidet to specialize in R

2023-01-31 09:30   Question regarding GDB/GEF and pwntools to find buffer overflow    #[email protected] #安全文章 I am trying to identify the offset in which a buffer overflow occurs via pwntools and gdb via submission of integers and scanf. Here is the C code (x64): int input[8]; int count, num; count = 0; while(1) { printf("Enter:\n"); scanf("%d", &num); if (num == -1){ break; } else {

2023-01-27 00:42   Getting into evasion    #[email protected] #安全文章 I want to shift more towards evasion. I’m lowkey familiar with the theory around unhooking, direct/indirect system calls etc, but don’t know which technique to focus on to get started. From what I understand direct system calls are not relevant anymore on newer versions of windows and for unhooking,

2023-01-25 20:53   Ptrace Injection CTF Challenge Walkthrough    #[email protected] #安全文章   submitted by   /u/ragnarsecurity [link]   [留言]

2023-01-24 02:39   CVE-2021-21551 - Privilege escalation exploit for physical memory read/write vulnerability    #[email protected] #安全文章 https://github.com/nanabingies/CVE-2021-21551   submitted by   /u/nanabingies [link]   [留言]

2023-01-19 15:52   A template for modern shellcode coding + A socks proxy shellcode for pivoting on IOT    #[email protected] #安全文章 https://github.com/nobodyisnobody/docs/tree/main/modern.templates.for.shellcoding A convenient template for developing your shellcode on various architecture, x86, arm, mips Permit to run , debug your shellcode , produce an executable, or dump it to include it in your C or python exploit. As an exam

2023-01-18 02:38   Help with arm exploitation    #[email protected] #安全文章 Hello, I’m trying to exploit a web server running on ARM machine. I have a problem sending the payload to overflow the PC. I can’t send the payload with a python script so I have to either edit the javascript function sending the GET request, or edit the packet with fiddler. When I overflow the PC

2023-01-17 22:46   How do you decide what to exploit?    #[email protected] #安全文章 I am trying to understand how you all narrow down on the what to exploit? Like does someone (say your employer) tell you to exploit something, you randomly pickup something, you look at cve and try exploiting, you discover the vulnerability and then trying to exploit etc. Thanks for sharing your tho

2023-01-16 01:23   Any discord servers for exploit dev?    #[email protected] #安全文章   submitted by   /u/Peixetlift [link]   [留言]

2023-01-15 00:12   Moving to bugbounty.    #[email protected] #安全文章 So, due to some /financial/ problems I am moving to bugbounty keeping mind "I will do better for them". I will be back then after one year. What you awesome guys do think am I doing right or wrong. Need suggestions. Regards iyamroshan.   submitted by   /u/Iyamroshan [link] &#32