OSCE Course & Exam Review

This time I’d like to share my experience during Offensive Security’s CTP (Cracking the Perimeter) course and ultimately the following 48-hour practical exam, which leads to the Offensive Security Certified Expert (OSCE) certification upon passing. Offensive Security starts to challenge their prospective students from early on. Before you’re even allowed to sign up for …

Amiga Reverse Engineer Custom MFM Disk Format: Street Fighter 2

Some time ago I wrote a tutorial about the copy protection used in the Amiga version of Street Fighter 2. The tutorial explains the inner workings of the custom disk format used and how to rip the data from the copy protected disks and reconstruct working (and copyable) AmigaDOS disk images. The tutorial was originally …

Exploit Development 5: Reflective DLL Injection

Reflective DLL injection is used to inject a DLL into a process without reading it from storage. A stager is executed from the exploited buffer, which in turn retrieves the DLL from a server. The DLL is directly loaded and mapped into the process address space and execution is being handed over …

Exploit Development 3: ROP buffer overflow

In the previous two tutorials we looked at how to exploit the vulnerable application with EIP as well as SEH-based buffer overflow attacks. This time we will have a look at how to exploit the application when DEP (Data Execution Protection) is enabled. Code execution will be forbidden on the stack and will result in an access …