Booj thoughts on security

HackTheBox - Calamity

This writeup is effectively the summation of three days of bashing my head against GDB. It ended up ballooning in size, but I’ve tried to include as much detail as possible, so hopefully someone with only a basic knowledge of buffer overflows should be able to follow along. It’s important to be aware that this is quite a complex buffer overfl...

Stack Buffer Overflows: Linux 2 - Using GDB

In Chapter 2 of my Linux Stack Buffer Overflow series I’ll be walking you through crafting an exploit from scratch in GDB with no external hints of the environment. If you’re new to this type of exploit I’d recommend going through Chapter 1. One issue with crafting an exploit in GDB and then running it outside is that the exploit simply no lo...

BMAT Physics

A couple of years ago I was asked to author solutions for the physics portion of a private BMAT tutoring course. This course never ended up being taught and I’ve recently been informed that the BMAT curriculum has changed. Therefore, I’ve decided to release these for anyone with either a cursory interest in Physics, or anyone looking for past ...

HackTheBox - Jail

Introduction: This box is long! It’s got it all: buffer overflows, vulnerable software version, NFS exploits and cryptography. This is a difficult box, not in the techniques it has you apply, but rather in the scope of them. There’s a lot covered in this write-up so in order to keep it relatively concise I’ve included a few links in the refe...

Stack Buffer Overflows: Linux - Chapter 1

Introduction: Buffer overflows are probably my favourite part of the security field. They can range from simple to incomprehensible, offer a wide variety of exploitation techniques and are just kinda fun. Also they sound way more difficult than they are! Whilst modern OSes have started to introduce memory protections, there are always ways arou...