StalkR's Blog

In the last two blog posts, I described a challenge and exploits to get code execution from arbitrary Go code only allowing the fmt packa...

In my last blog post , I described The Gomium Browser, a pwn challenge of the Google CTF 2019 finals that 4 teams (pasten, 5BC, p4, A*0*E) ...

Last weekend were the Google CTF 2019 finals in London with 10 invited teams, part of a larger event named ESCAL8 with VRP researchers (Bu...

If you like exploitation surely you've had your own reverse or connect-back shells. Set up a listening netcat, run the payload and boom:...

Surely you've heard of the Burp Suite , quite useful software to perform security testing of web applications and in general to play wit...

Go is becoming more and more popular as a programming language and getting more scrutiny from a security point of view. You might remember m...

I have a server with a single IPv4 and I want to run two DNS servers: one to serve zones like stalkr.net - if you recall , I like PowerDN...

Sometimes I need to create a tiny ELF with some assembly code, because I'm restricted in size or just don't like the bloated binary ...

Are you the lucky owner of an IDA Pro linux license? Since I had errors last time I set it up, here is a quick brain dump on setting up IDA...

It was DEFCON 21 quals last week-end, with new organizers . It went well, good organization and good challenges. If you're curious abou...