Hardware Hacking | Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device | A step-by-step how-to guide to using QEMU on Ubuntu 18.04 to emulate embedded devices
Hardware Hacking | Vulnerabilities and Hardware Teardown of GL.iNET GL-MT300N-V2 Router | Hacking the GL.iNET MT300N router, plus a hardware teardown (3 CVEs)
Reverse Engineering | Vulnerabilities in Tenda's W15Ev2 AC1200 Router | Reverse engineering Tenda's W15Ev2 AC1200 SOHO router and discovering ten 0-days (10 CVEs)
ATM Hacking | ATM/Kiosk Hacking (Reloaded) | Solving the ATM/Kiosk and banking-software hacking challenges from the Positive Hack Days 2022 Payment Village
Penetration Test | Using NVIDIA's Leaked Certificate to Improve Anti-Kill | Looking at how signing binaries with the leaked NVIDIA certificates affects AV evasion ("anti-kill")
Web | Hijacking League of Legends Accounts | A tale of stealing from Chinese boosters and their win-trading accounts
ATM Hacking | ATM/Kiosk Hacking | Solving the ATM/Kiosk hacking challenges from the Positive Hack Days Payment Village
Reverse Engineering | The Braindead Buffer Overflow Guide to Pass the OSCP Blindfolded | A braindead stack buffer overflow guide for the OSCP / eCPPT
Windows Internal | Cobalt Strike Process Injection | Discussing the various methods Cobalt Strike uses to perform process injection
Penetration Test | From Default Printer Credentials to Domain Admin | Looking at pass-back attacks and how to exploit trust relationships between devices that are generally considered benign
Reverse Engineering | QueryFullProcessImageNameW Under-the-Hood - Reversing NtQueryInformationProcess | How QueryFullProcessImageNameW obtains another process's image path from the PEB's LDR linked list, traced under the hood through NtQueryInformationProcess
Windows Internal | Dynamically Retrieving System Call (syscall) IDs Leveraging PTEs | Locating the instantiated PTE by leaking the base address, then using a read primitive to retrieve the syscall ID dynamically
Hardware Hacking | Thanks Fo' Nut'in - Hacking a Male Fertility Sperm Tester | Tearing down a medical IoT device and obtaining a root shell three different ways
Windows Internal | Direct System Call (syscall) Process Injection to Avoid Anti-Kill | A quick and dirty direct-syscall process injection technique for evading AV
Hardware Hacking | NorthSec 2021 Badge Writeup | Solving all 10 flags and the easter eggs in the NorthSec 2021 CTF badge