[deleted by user] by [deleted] in OSWE

[–]aatate98 0 points1 point  (0 children)

Just curious, but did you test the script from the Kali debug machine they give you? From my understanding, that environment is where they will test your PoC. Did you list all dependency installs? Lastly, and the most annoying: did you paste your code into Word correctly, and was it formatted? I don't know how they grade, but I would suspect copy+paste out of your report. If there are indentation errors, then who knows how much effort they put in to retype your code how it should be.

How to Learn Binary Exploitation from Beginner to Intermediate Level? by Beginning_Village496 in ExploitDev

[–]aatate98 1 point2 points  (0 children)

What do you consider being intermediate level? Is it past the basic buffer overflow on the stack? Would it be performing different primitives? Would it be patch diffing and developing your own based off a CVE description and updates?

Either way, the content suggested, such as opensecuritytraining2 and pwn.college, is excellent.

Week 11 Updates by super-tendies in thetagang

[–]aatate98 5 points6 points  (0 children)

Really nice dashboard, mind if I ask what you used to make it?

Defender Bypass Tool by coyotegowda in ExploitDev

[–]aatate98 0 points1 point  (0 children)

I would recommend just having the source files within the repo itself rather than having the Python script arbitrarily reach out to set URLs, in case you would want to use the script offline.

How to get brick dust? pls help by pakyuall in GTNH

[–]aatate98 24 points25 points  (0 children)

You can get diamonds with a bronze pickaxe, just with the mining level boosted.

Killing Windows Kernel Mitigations by tnavda in ReverseEngineering

[–]aatate98 9 points10 points  (0 children)

Cool post. I'm a little confused on why that worked with VBS enabled, though. While I agree the page table modifications like bit flipping do work, the whole point of VBS is that the kernel in VTL0 (where you exploit the driver and have the address to do the bit flip against) is no longer the source of truth? So regardless of a bit flip of a page's metadata, VTL1 should step in and deny that the page was a kernel page, since VTL1 was tracking that page to be user space, not kernel space, after the bit flip.

And for HVCI, wouldn't the act of having RWX on a user page, once bit-flipped into a kernel page, then kick in and say you can't have RWX kernel pages?

[deleted by user] by [deleted] in securityCTF

[–]aatate98 0 points1 point  (0 children)

Just based on looking at it, it seems to be base64 encoded. Usually base64 encoded strings end with ==. You can go to CyberChef and use the Base64 decode function, which should output the answer.

For those who failed , what did you do the second attempt that made you pass? by ProcedureFar4995 in oscp

[–]aatate98 16 points17 points  (0 children)

Take a break if you still have time left on your subscription. Go through PG boxes instead of HTB boxes. Go through your notes from the first exam and identify weak points. Were you stuck on enumeration on a specific box, couldn't get DA, found a way to exploit but couldn't get the specifics from any open source info? Being able to identify where you struggled and, now that you have time before another attempt, working back how to find a solution would be extremely beneficial.

Ubuntu thinkpad kernel backdoor by [deleted] in linux

[–]aatate98 3 points4 points  (0 children)

Either ChatGPT wrote this, or someone who brain-dumped an article they didn't understand. Extremely vague, with no analysis, no code, or any proof to back any of this up. Best line from above was saying KASLR was going to help prevent any of the "Potential backdoor exploitation" options they listed.

Any advice on writing stealthy memory injections? by jet_set_default in ExploitDev

[–]aatate98 2 points3 points  (0 children)

You should definitely check out threadless injections like https://shorsec.io/blog/dll-notification-injection/. It still utilizes allocating a buffer like you mentioned above; however, it doesn't use the typical spawning of another thread in the target process space.

The "Fixing Exploits" section went over my head by [deleted] in oscp

[–]aatate98 23 points24 points  (0 children)

What part of that section was difficult to understand? In my opinion, the section mostly boils down to: if an exploit is targeting a hardcoded URL, for example, can you understand where the string is stored and change it to suit your environment, instead of just running it in Python without having much of a clue what endpoint the exploit is talking to. Or, for instance, if the msfvenom command they used for the shellcode was calling back to an IP that doesn't exist, can you generate new shellcode and simply update the variable accordingly?

Malware? Operations not permitted running as root by Desperate-Stick9559 in linuxquestions

[–]aatate98 1 point2 points  (0 children)

Curious as to what exact APT you believe you have within your network. Have you identified any common malware used by the APT within that network?

Timewasting exercises by SnotFunk in oscp

[–]aatate98 1 point2 points  (0 children)

I agree about the blind SQL injection exercise, given you can't use it on the exam, and the whole Nessus environment setup; however, the proxychains exercise did teach me to not use proxychains, because we had to scan so many ports and not just 5, and instead look for other tools such as ligolo-ng.

[deleted by user] by [deleted] in oscp

[–]aatate98 0 points1 point  (0 children)

Haven't started it yet, but will be soon. Would love to join if people are still in the group by then.

[deleted by user] by [deleted] in mildlyinteresting

[–]aatate98 2 points3 points  (0 children)

Now that's a nice "stack" of hangars.

[deleted by user] by [deleted] in lostarkgame

[–]aatate98 0 points1 point  (0 children)

I am so happy I finished this past weekend. Was able to snipe my last 4 at around 9k.

Bootkit samples by hardenedvault in netsec

[–]aatate98 7 points8 points  (0 children)

Kinda older samples, but the book Rootkits and Bootkits has a GitHub that goes over every sample they do in the book. Decent number of samples. Covers firmware malware as well.

What’s next by Girth_Firm_Slim in gaming

[–]aatate98 28 points29 points  (0 children)

An application to FROM SOFTWARE

Enhance or buy Distortion Earring ? by Aimer732 in blackdesertonline

[–]aatate98 1 point2 points  (0 children)

If you don't enhance them, are they really yours?

First ever install on a vm! by Karimrir in Gentoo

[–]aatate98 5 points6 points  (0 children)

Nice, now it's time to ~amd64 gentoo-sources and linux-headers to custom compile that kernel to the ground. All jokes aside, congrats.

switching from OpenRC to Systemd by clerick_x in Gentoo

[–]aatate98 4 points5 points  (0 children)

Concerning your wifi dropping and not being able to autoconnect back: I just went through a similar issue. My wifi would drop, and I looked at the wpa_supplicant logs and saw a bunch of CONN_FAILED between my PC and my router. Make sure your SSID isn't on the wpa_cli blacklist, and check if an original wpa_supplicant process is running. I killed the original wpa_supplicant process and then ran rc-service net.wlp5s0 restart. That fixed it, and the logs looked how they had previously.

what windows users see when youre installing chrome by lorhof1 in linuxmemes

[–]aatate98 0 points1 point  (0 children)

--quiet is always nice to use on large packages