Writeup: HTB Machine – UnderPass

The second in the my series of writeups on HackTheBox machines. Contrary to the courses they offer, these machines offer us little to no guidance, making them perfect for putting our skills to the test. Today, the UnderPass machine.

Continue reading “Writeup: HTB Machine – UnderPass”

Writeup: HTB Machine – Cap

As part of my curriculum for school, I have been performing various red-teaming exercises. Before, I have uploaded two writeups, based on HackTheBox courses and their corresponding skills assessments. This time, it’ll be a little different. This time, the assignment is a machine, and we are given little to no guidance. I will be starting with Cap.

Continue reading “Writeup: HTB Machine – Cap”

Writeup: Login Brute Forcing – Skills Assessment

Another writeup for my university work. This time on the topic of brute-forcing login entries. This is performed on the HTB platform.

Continue reading “Writeup: Login Brute Forcing – Skills Assessment”

Writeup: HackTheBox File Upload – Skills Assessment

As part of my university work, I am working through courses on HackTheBox. This is so I can add these courses and the skill assessments to my portfolio. In this brief writeup I will show how I went about performing the skills assessment for the file upload attack course.

Continue reading “Writeup: HackTheBox File Upload – Skills Assessment”

Exploring the Effectiveness of Modern Defensive Measures Against Stack-Based Buffer Overflows

In the last post, we have explored the exploitation of buffer overflows on the stack. We have seen how these attacks are performed and where issues in our code can arise to make them vulnerable. Today we will focus on defensive measures against these attacks. Measures such as ASLR and DEP have been developed to stop these attacks. Today’s questions are:
“How effective are current defensive measures, like ASLR and DEP, in preventing memory manipulation exploits?” as well as “How do different software architectures and operating systems influence the success rate of memory manipulation exploits?”

Continue reading “Exploring the Effectiveness of Modern Defensive Measures Against Stack-Based Buffer Overflows”

Explanation of memory-based attacks

In the last post, we have looked at how we can identify when a buffer overflow can be performed. Finding a buffer overflow is very handy, and understanding when your code might be vulnerable is just as good. But what good does it do when we do not understand how someone can exploit this? We will take off the shoes of the defender and become the hacker, today!
Today’s question is: “How do these exploits work and how do we perform these?”

Continue reading “Explanation of memory-based attacks”

Identification of Memory-Based Attacks

Through the years, we have seen many kinds of breaches happen on digital systems. Attacks such as stack-based buffer overflows proved to be a first step in the direction of many more attacks to come. These attacks, prevalent in vulnerable code, allowed attackers access to a lot of tooling they should not have access to. Today, the question we pose is:
“What are the most common memory-based exploits and how can we identify these?”

Continue reading “Identification of Memory-Based Attacks”

Introduction to memory-based attacks

Memory-based attacks are attacks we don’t hear a lot about anymore, nowadays. Back in the 80’s and 90’s, this method was used a lot, with attacks such as the Morris Worm paving the way for future attacks of this kind. In this series, we will be exploring, understanding and learning about attacks utilizing memory in digital devices. And hopefully, leave you with a better understanding of how these work.

Continue reading “Introduction to memory-based attacks”