SANS SEC760: Advanced Exploit Development for Penetration Testers – Review
voidsec2023-01-20T22:33:03+01:00In July 2022, I took the SANS SEC 760 class in Berlin. I always promised myself and some close friends to write a review, but I didn't have the time until the Christmas break.
This blog post aims to be a day-by-day review of the SANS SEC760 course content and its CTF, NetWars tournament and on-demand package.
Looking at SANS's website, SEC 760 should teach skills required to reverse-engineer applications in order to find vulnerabilities, perform fuzzing and write complex exploits...
voidsec2022-12-22T15:34:48+01:00As the last post of the year, I decided to do something chill and a bit “off-topic” from my usual content. As the festivities are approaching, I have a bit more free time to dedicate to different stuff, like helping some friends with CTFs and such.
I’ve decided to post about this specific challenge because since it wasn’t the most complex nor the one with the most shenanigans to flex about, it likely wouldn’t get any write-ups. But it’s a perfect...
Windows Exploitation Challenge – Blue Frost Security 2022 (Ekoparty)
voidsec2022-12-19T23:52:55+01:00Last month, during Ekoparty, Blue Frost Security published a Windows challenge. Since having a Windows exploitation challenge, is one of a kind in CTFs, and since I've found the challenge interesting and very clever, I've decided to post about my reverse engineering and exploitation methodology.
Only Python solutions without external libraries will be accepted
The goal is to execute the Windows Calculator (calc.exe)
The solution should work on Windows 10 or Windows 11
Process continuation is desirable (not mandatory)
voidsec2022-07-24T21:22:33+02:00In case you're wondering why I'm not posting as regularly as before, with the new year, I've finally transitioned into a fully offensive vulnerability research and exploit development role at Exodus Intelligence that fulfilled my career dream (BTW, we're currently hiring). In the last couple of months, I've worked on some exciting and challenging bugs. Hopefully, these bugs will be featured on my blog post as soon as I am allowed to share them and after the vendors issue a...
voidsec2022-03-10T14:42:04+01:00With this blog post I’d like to sum up my year-long Windows Drivers research; share and detail my own methodology for reverse engineering (WDM) Windows drivers, finding some possible vulnerable code paths as well as understanding their exploitability. I've tried to make it as "noob-friendly" as possible, documenting all the steps I usually perform during my research and including a bonus exercise for the readers.
Setting up the lab
While in the past, setting up a lab for kernel debugging was a...