In this blog post we’re going to take a look at the recent CouchDB vulnerability, CVE-2021-38295, which I was credited with discovering. You can read...
Overview In the last blog post in this series, we created a tool to make it easy to build our custom payloads and extract them. However, what if we...
Good passwords gone bad.
A long time ago in a galaxy far, far away, I was not a Security Consultant. I was a Chef. And I worked as a corporate Chef for an organization that...
I recently was doing a pentest and was continuously looking up translations for words, and thought “there has to be a better way…”. That is when I...
Overview In the last blog post of the X86 Linux assembly series, we focused on how to make our Hello World payload friendly for use as a payload in...
Last month, I found myself Googling: Is weed legal in Nevada? This was the day after arriving in Reno for Wild West Hacking Fest – Way West 2021. I...
Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly. While this can help us learn x86 assembly, it...
How can we do analysis without Wireshark? For Linux and macOS that utility has been tcpdump for quite a while; In Windows, we can use netsh.
On May 12, 2021, President Biden issued an executive order on cybersecurity. This new order combines many trends we’re already seeing in the Fortune...
Overview In the last tutorial, we covered how to build a 32-bit x86 Hello World program in NASM. Today, we will cover how to do the same thing, but...
Overview A processor understands bytecode instructions specific to that architecture. We as humans use mnemonics to make building these instructions...