Our Blog

Our news

All you need to know

Linux Heap Exploitation Intro Series: Set you free() – part 1

Reading time: ~15 min
Intro (part 1) Hello and welcome to the final post of our Intro to exploitation series! We have learned the basics...

Linux Heap Exploitation Intro Series: Riding free on the heap – Double free attacks!

Reading time: ~15 min
Intro Hello again and welcome to the third of our series. On today’s blog post we are going to see...

Outlook Home Page – Another Ruler Vector

Reading time: ~12 min
Ruler has become a go to tool for us on external engagements, easily turning compromised mailbox credentials into shells. This...

Macro-less Code Exec in MSWord

Reading time: ~5 min
Authors: Etienne Stalmans, Saif El-Sherei What if we told you that there is a way to get command execution on...

Abusing GDI Objects for ring0 Primitives Revolution

Reading time: ~21 min
Exploiting MS17-017 EoP Using Color Palettes This post is an accompaniment to the Defcon 25 talk given by Saif. One...

Linux Heap Exploitation Intro Series: Used and Abused – Use After Free

Reading time: ~9 min
Intro After analysing the implementation of ptmalloc2 which, is a must read if you don’t know anything about the linux userland...

Linux Heap Exploitation Intro Series – (BONUS) printf might be leaking!

Reading time: ~11 min
Intro Hi there (again)! This series are going to an end as the next and feasible step is the widely...

USaBUSe Linux updates

Reading time: ~6 min
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects

Reading time: ~39 min
Starting from the beginning with no experience whatsoever in kernel land let alone exploiting it, I was always intrigued and...