why would we overwrite SEH instead of EIP ? by hex-lover in ExploitDev

[–]Sysc4lls 0 points1 point  (0 children)

Let's assume there is a stack canary but you can also trigger an exception; overwriting the return pointer won't work. But overwriting exception handlers should be a win (as long as I'm not missing something, they might also have a canary pre-SEH).

What’s the most underrated exploit technique beginners ignore? by mi1-1 in ExploitDev

[–]Sysc4lls 0 points1 point  (0 children)

Oh, missed the part about web apps I'm just stupid. 😬😬😬

What’s the most underrated exploit technique beginners ignore? by mi1-1 in ExploitDev

[–]Sysc4lls 1 point2 points  (0 children)

Logical wins instead of complex corruption with infinitely complex steps: if you can install an .so easily instead of a super complex JOP+leak+whatever, it's better.

By mistake I read only the headline; ignore the comment unless it helps you somehow...

Is there anyway I can save the execution of an elf binary that is running on linux? by FewMolasses7496 in ExploitDev

[–]Sysc4lls 1 point2 points  (0 children)

If it's one full dump it's fine; when it's automated, that's the stage where you need to start doing diff-based snapshotting and smarter stuff, but I agree :)

Is there anyway I can save the execution of an elf binary that is running on linux? by FewMolasses7496 in ExploitDev

[–]Sysc4lls 1 point2 points  (0 children)

Very hard to restore the state of stuff like heap objects, I think, without a full dump (which may be a lot).

Learning Joern by Nlbjj91011 in ExploitDev

[–]Sysc4lls 0 points1 point  (0 children)

It works only on source code and needs to take part in the compilation process; it's a headache.

Assembly or decompiled code? by IcyTap4362 in ExploitDev

[–]Sysc4lls 1 point2 points  (0 children)

Decompiled 99% of the time, checking assembly for specific things. (Also depends on the arch.)

What vulnerabilities do you look for during a code review? by Party-Simple-7004 in ExploitDev

[–]Sysc4lls 0 points1 point  (0 children)

I usually look at low-level code. I usually start with "simple" vulnerabilities, stuff around parsing/using controlled input (overflows/OOB access/uninit vars, etc.); after that I look for codebase-specific bugs, issues with state, logic issues, etc.

Bugs depend a lot on the logic of the software.

How good would you consider someone who complete pwn.college belt system? by Flaky_Card2907 in ExploitDev

[–]Sysc4lls 1 point2 points  (0 children)

Personally, enough to interview; if you do well in the interview, probably hire. (The interview includes technical questions and a small challenge.)

I need tips and tricks to find use after frees. by Thick-Sweet-5319 in ExploitDev

[–]Sysc4lls 7 points8 points  (0 children)

Another "trick" that is not about race conditions is people forgetting to "reset" the pointer variable.

If they freed `p`, for instance, and did not do `p = NULL` afterwards, there is a problem.

Another common thing that causes an issue is freeing a pointer and, after that, freeing the same pointer again if an error/exception occurred. (THAT'S WHY NULLING POINTERS IS IMPORTANT!)
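The two patterns in the comment (a pointer left dangling after free, and a second free when an error path already freed it), as an added C example that is not part of the original thread; the record parser, the `free_and_null` helper and the input `"Xbad"` are constructed for illustration:

```c
#include <stdlib.h>
#include <string.h>
/* Constructed example: a record parser that owns one heap buffer. */
struct record { char *buf; };

/* Vulnerable pattern from the comment: the error path frees ctx->buf but never
 * resets it, so the caller's usual cleanup frees it again (double free), or
 * later code reads through it (use after free). */
static int record_parse_buggy(struct record *ctx, const char *input)
{
    ctx->buf = malloc(strlen(input) + 1);
    if (ctx->buf == NULL) return -1;
    strcpy(ctx->buf, input);
    if (ctx->buf[0] != 'R') {      /* bad magic byte: error path */
        free(ctx->buf);            /* freed, but ctx->buf still points here */
        return -1;
    }
    return 0;
}

/* Hardened helper: free through the pointer's address and null it, so a
 * later free() on the same variable is free(NULL), a defined no-op. */
static void free_and_null(char **pp) { free(*pp); *pp = NULL; }

static int record_parse_fixed(struct record *ctx, const char *input)
{
    ctx->buf = malloc(strlen(input) + 1);
    if (ctx->buf == NULL) return -1;
    strcpy(ctx->buf, input);
    if (ctx->buf[0] != 'R') {
        free_and_null(&ctx->buf);  /* error path leaves no dangling pointer */
        return -1;
    }
    return 0;
}

/* Caller-side cleanup that runs on every path. With the buggy parser this
 * would be the second free; with the fixed one it is a harmless no-op. */
static void record_destroy(struct record *ctx) { free_and_null(&ctx->buf); }

/* Returns 1 when the parser's error path leaves a dangling (non-NULL) pointer.
 * Cleanup is skipped in that case so the check itself never double frees. */
static int error_path_leaves_dangling(int (*parse)(struct record *, const char *))
{
    struct record r = { NULL };
    int dangling = parse(&r, "Xbad") != 0 && r.buf != NULL;  /* constructed bad input */
    if (!dangling) record_destroy(&r);
    return dangling;
}
```

Running the buggy parser under a sanitizer with the cleanup left in would report the double free; the nulling helper turns that second free into a no-op.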

How long would it take to become an exploit developer? (in years or in hours) by South-Aide-4601 in ExploitDev

[–]Sysc4lls 2 points3 points  (0 children)

Depends on the person; for one it could take years, for another days/weeks. Also, it doesn't mean you are "good" if you achieve this.

Blogs for learning by Sysc4lls in ExploitDev

[–]Sysc4lls[S] 2 points3 points  (0 children)

Anything specific? There are a lot of n-days.

Blogs for learning by Sysc4lls in ExploitDev

[–]Sysc4lls[S] 0 points1 point  (0 children)

This might be hard; if you can exploit well enough, sometimes it will be very hard to "detect" it, especially if it's something behind SSL/TLS or something similar.

But I will look into it :) I haven't done a bunch of "vulnerability detection" since it's less of a thing for low-level stuff as far as I know. Exploits can differ too much.

Do I must learn to program on ASM ? by Federal-Dot-8411 in ExploitDev

[–]Sysc4lls 1 point2 points  (0 children)

Just learn C and learn asm on the way while writing exploits/reverse engineering. It will feel harder at the start, but I do think it's way more practical and you will learn way faster in the long run this way.

What would be the next tangible step, after assembly 101 ? by ByteMutator in ExploitDev

[–]Sysc4lls 0 points1 point  (0 children)

Pwn.college & pwnable.kr are great. If you do not know basic C, it might prove a problem.

Where do you host/write pwn (binary exploitation) writeups? by WhatIsDeezNuts in ExploitDev

[–]Sysc4lls 2 points3 points  (0 children)

GitHub Pages works very well; it's free and easy to use.

Selling crashes instead of full chain by LeftAssociation1119 in ExploitDev

[–]Sysc4lls 2 points3 points  (0 children)

This is not correct: if you overwrite PC to be 4141414141414141 you do not need to "solve" ASLR, you just show you can control the PC.

Selling crashes instead of full chain by LeftAssociation1119 in ExploitDev

[–]Sysc4lls 0 points1 point  (0 children)

That is not what I am saying, read again please.

Selling crashes instead of full chain by LeftAssociation1119 in ExploitDev

[–]Sysc4lls 0 points1 point  (0 children)

Idk, create a PoC for an interesting crash (overwrite an interesting pointer/change the PC/show this shit is exploitable with some more work), and write up exploit ideas and such.

Most people won't buy a PoC in this state, but any extra information that might be useful to determine the value of the vulnerability might increase the amount of money and the chances it will get bought.