Local File Inclusion (LFI) Attacks

Exploiting LFI vulnerabilities in web applications.

Flask Session Cookies

Decoding Flask signed session cookies.

Server Side Template Injection (SSTI)

SSTI attacks against Python Flask applications.

Cyber Apocalypse 2023

Cyber Apocalypse CTF 2023 challenge writeups.

Malicious Nim Code

Using Nim to write some simple tools.

System Call Execution

Writing a process injection tool using direct system calls.

Headless Linux Disk Encryption

Unlocking LUKS encrypted disks remotely.

Windows x64 Reverse Shellcode

Reverse shells in x64 assembly.

Windows x64 Shellcode Development

Writing Shellcode for Windows 11.

ClickOnce Droppers

Creating a ClickOnce installer for Phishing campaigns.

Kerberos Delegation Attacks

Exploiting constrained, unconstrained and resource based delegation.

NT API Shellcode Execution

Process Injection using NtCreateSection and NtMapViewOfSection.