Parent Process ID Spoofing

Supplying arbitrary PPID values to CreateProcess.

File Upload Vulnerabilities

Exploiting file upload vulnerabilities to execute arbitrary code.

SQL Injection

SQL Injection for MySQL databases.

XML External Entity Injection (XXE)

Exploiting XML parsers.

Web Content Discovery

Identifying web content to launch further attacks.

Cross Site Scripting (XSS)

Injecting malicious code into web applications.

Shellcode Obfuscation

Encoding Shellcode for use within malware.

Hack The Box Certified Bug Bounty Hunter (HTB CBBH)

A review of the CBBH course and exam.

Import Address Tables

Hiding IAT entries to evade detection.

802.11 Wireless Attacks

Ways of gaining access to WPA-PSK networks.

Cobalt Strike

Getting started with Cobalt Strike.

Local File Inclusion (LFI) Attacks

Exploiting LFI vulnerabilities in web applications.

Flask Session Cookies

Decoding Flask signed session cookies.

Server Side Template Injection (SSTI)

SSTI attacks against Python Flask applications.

Cyber Apocalypse 2023

Cyber Apocalypse CTF 2023 challenge writeups.

Malicious Nim Code

Using Nim to write some simple tools.

System Call Execution

Writing a process injection tool using direct system calls.

Headless Linux Disk Encryption

Unlocking LUKS encrypted disks remotely.