ASIS CTF Quals 2016: "Catch Me!" writeup
The following loop decrypts 32 bytes starting from 0x601280 by XORing ... [Read more]
Writing a LKM rootkit that uses LSM hooks
Modifying the syscall table (sys_call_table[]) through a LKM is a ... [Read more]
Use /dev/ptmx to measure inter-keystroke timing (CVE-2013-0160)
As a reminder, the "/dev/ptmx" character device is used to ... [Read more]
Debian's x11-common init script weakness (CVE-2012-1093)
The init script issued from the x11-common Debian package is ... [Read more]
X wrapper: Permission bypass (CVE-2011-4613)
While I was developing the exploit against CVE-2011-4029, I ... [Read more]
Bzip2 (bzexe): race condition (CVE-2011-4089)
bzexe (a shell script provided by the bzip2 package) is used ... [Read more]
Xorg: Two vulnerabilities (CVE-2011-4028 and CVE-2011-4029)
I recently discovered two vulnerabilities in the X server ... [Read more]
libvte9: Escape sequences of death (CVE-2011-2198)
While playing with terminals, I discovered several missing ... [Read more]
How to probe ip_forward option on remote hosts?
On a local network, I thought about a way to know if a ... [Read more]
Keykass.so: Dynamic library for keystroke logging
Some articles about function interposition or syscall hooking ... [Read more]
Base64 scheme implementation in Bash
The Base64 encoding/decoding scheme has been implemented in ... [Read more]
Crontab: How to hide a scheduled task
Here is an easy way to hide a task inside a crontab by using ... [Read more]
Man-in-middle detection script
Here is a simple ARP spoofing detection script. It warns you ... [Read more]
Send password on /bin/su's stdin
Due to security reasons, it is forbidden to pipe or redirect ... [Read more]
Nmap NSE Script "x11-access.nse"
If an X server is listening on TCP port 6000+n (where n is the ... [Read more]