StalkR's Blog

Blog of a security enthusiast

Saturday, January 01, 2022

Universal Go exploit using data races, no imports

›
In the last two blog posts, I described a challenge and exploits to get code execution from arbitrary Go code only allowing the fmt packa...
Saturday, December 07, 2019

The Gomium Browser - Exploits

›
In my last blog post , I described The Gomium Browser, a pwn challenge of the Google CTF 2019 finals that 4 teams (pasten, 5BC, p4, A*0*E) ...
Thursday, November 07, 2019

The Gomium Browser - Google CTF 2019 finals challenge

›
Last weekend were the Google CTF 2019 finals in London with 10 invited teams, part of a larger event named ESCAL8 with VRP researchers (Bu...
Thursday, December 03, 2015

From remote shell to remote terminal

›
If you like exploitation surely you've had your own reverse or connect-back shells. Set up a listening netcat, run the payload and boom:...
Wednesday, April 22, 2015

Creating Burp extensions in Python, the "editor" case

›
Surely you've heard of the Burp Suite , quite useful software to perform security testing of web applications and in general to play wit...
Wednesday, April 15, 2015

Golang data races to break memory safety

›
Go is becoming more and more popular as a programming language and getting more scrutiny from a security point of view. You might remember m...
1 comment:
Sunday, January 25, 2015

DNS reverse proxy

›
I have a server with a single IPv4 and I want to run two DNS servers: one to serve zones like stalkr.net - if you recall , I like PowerDN...
Monday, October 13, 2014

Tiny ELF 32/64 with nasm

›
Sometimes I need to create a tiny ELF with some assembly code, because I'm restricted in size or just don't like the bloated binary ...
1 comment:
Saturday, January 04, 2014

IDA on Debian amd64 with python

›
Are you the lucky owner of an IDA Pro linux license? Since I had errors last time I set it up, here is a quick brain dump on setting up IDA...
Wednesday, June 19, 2013

Defcon 21 quals - blackbox write-up

›
It was DEFCON 21 quals last week-end, with new organizers . It went well, good organization and good challenges. If you're curious abou...
›
Home
View web version
Powered by Blogger.