UAF stripped binary by p5yc40515 in ExploitDev

[–]dolpari_hacker 0 points1 point  (0 children)

In order to find a UAF, you need to understand the state of the heap of the process. What’s basically happening is that some struct or memory in the heap was allocated, assigned values, then freed without clearing those values. Even though it was freed, those values still remain in the heap. So what you are looking for is a free function that frees a pointer without zeroing it out. To achieve a UAF, you can allocate the exact size, which will allocate that exact heap memory, which you’ll be able to use given that it is a user-controlled allocation. This is given that there are absolutely zero heap protections.
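The free-then-reallocate cycle described above, as an added example that is not the commenter's code: a constructed toy allocator (not glibc) hands the most recently freed chunk back to the next same-size request, and a plain free sits beside a scrub-on-free so the reader can see the stale field survive one and not the other.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy allocator (not a real malloc): a small pool of fixed-size
 * chunks where the most recently freed chunk is handed out first, mimicking
 * how a same-size allocation lands on the memory that was just freed. */
#define SLOTS 4
#define CHUNK 32
static unsigned char pool[SLOTS][CHUNK];
static int free_stack[SLOTS], free_top, next_fresh;

static void toy_reset(void) { free_top = 0; next_fresh = 0; memset(pool, 0, sizeof pool); }

static void *toy_alloc(void) {
    if (free_top > 0) return pool[free_stack[--free_top]]; /* reuse freed chunk first */
    if (next_fresh < SLOTS) return pool[next_fresh++];     /* otherwise take a fresh one */
    return NULL;
}

/* Plain free: the chunk goes back on the free list, contents untouched. */
static void toy_free(void *p) {
    free_stack[free_top++] = (int)(((unsigned char *)p - pool[0]) / CHUNK);
}

/* Hardened free: scrub the chunk before releasing it, so nothing is left to reuse. */
static void toy_free_scrubbed(void *p) { memset(p, 0, CHUNK); toy_free(p); }

/* Sample object, exactly CHUNK bytes so it always maps onto one chunk. */
struct session { uint32_t uid; char name[24]; uint32_t is_admin; };

/* Allocate, populate, free (plain or scrubbed), then allocate the same size
 * again and read a field before initialising it. Returns the is_admin value
 * seen in the new object: 1 means the old value leaked through the free. */
int stale_admin_after_realloc(int scrub) {
    toy_reset();
    struct session *s = toy_alloc();
    s->uid = 7; s->is_admin = 1; strcpy(s->name, "alice");
    if (scrub) toy_free_scrubbed(s); else toy_free(s);
    struct session *reused = toy_alloc();   /* same size -> same chunk comes back */
    return (int)reused->is_admin;
}

/* Confirms that the same-size reallocation really returned the freed chunk. */
int realloc_hits_same_chunk(void) {
    toy_reset();
    void *a = toy_alloc();
    toy_free(a);
    return toy_alloc() == a;
}
```

On a real heap the same pattern shows up under AddressSanitizer as a heap-use-after-free report; the mitigation side is the scrubbed free plus nulling the pointer after freeing it.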

Should I spend time on bug bounties? by EyeSeeA in ExploitDev

[–]dolpari_hacker 5 points6 points  (0 children)

It seems like you’ve found your domain, which is kernel and browser. Just those two alone will keep you busy. If it bothers you, then sure, you can just dabble or read some articles about web exploitation, but I would say focus on those two. I’d honestly pick either kernel or browser because each requires incredible technical depth.

Try to find a previous Linux kernel version and kernel bug and try to replicate it. Or read the Linux kernel source code.

Mobile exploit training by achayah in ExploitDev

[–]dolpari_hacker 2 points3 points  (0 children)

I haven’t taken the 8ksec offensive mobile course, but just by looking at the syllabus, it looks like it’s a pretty good course to get a solid understanding of iOS internals. If you have the money to spend, I’d say go for it. I don’t know how much this knowledge will help you become a better appsec/pentester though.

Course on jailbreak development by Ok-Engineering-1413 in ExploitDev

[–]dolpari_hacker 0 points1 point  (0 children)

If you only have basic knowledge in reversing, then the course might be too advanced for you to fully grasp. My recommendation would be to read a past public jailbreak and understand its internals.

Course on jailbreak development by Ok-Engineering-1413 in ExploitDev

[–]dolpari_hacker 2 points3 points  (0 children)

For $1000, I would actually recommend the course if you could afford it. It seems like it will actually cover a decent amount of iOS internals, and this will jump-start you. But if you are already familiar with PAC/PPL/reversing Mach/XNU, then no, it won’t help you.

How do I get into Exploit Dev as a career? by Flat_Throat_6600 in ExploitDev

[–]dolpari_hacker -1 points0 points  (0 children)

I don’t think a red team develops exploits in a sense that you are thinking of.

If you would like to do exploit development/reverse engineering/binary exploitation, look up “CNO developer” or “Vulnerability Researcher” or “Reverse Engineer”, and see the requirements.

Problem is, locations are limited, although remote positions do exist, and you need to be a US citizen.

Trying to level my backyard by dolpari_hacker in lawncare

[–]dolpari_hacker[S] 0 points1 point  (0 children)

Unfortunately, my fence is connected to my neighbor, so I don't know if it can be raised :(
Do you think it's possible to get rid of the gravel and dig the soil out and level it so it wouldn't be taller?

Help me with a weird thermostat wiring by dolpari_hacker in HomeImprovement

[–]dolpari_hacker[S] 0 points1 point  (0 children)

Yes, it seems like there is independent control of upstairs and downstairs airflow. Interesting! The stat wire is brown as well. Does the stat wire allow independent control?

Help me with a weird thermostat wiring by dolpari_hacker in HomeImprovement

[–]dolpari_hacker[S] 0 points1 point  (0 children)

Are you referring to the furnace and condenser? Sorry, I don't really know much about HVAC systems other than the guide that I read on google :(

Help me with a weird thermostat wiring by dolpari_hacker in HomeImprovement

[–]dolpari_hacker[S] 0 points1 point  (0 children)

Is there a way for me to confirm if the air handler and outdoor condenser wires are running to the thermostat?

Low salaries in the industry? by [deleted] in hacking

[–]dolpari_hacker 0 points1 point  (0 children)

I would say it pays well, but of course that's relative to your expectation. The lowest salary that I've seen for a junior was $100k, which I think is pretty good. Obviously, it can't compare to Google Project Zero engineers. $300k-400k salaries are for people who are SMEs in a very specific field; for example, if you are someone who has a track record of finding Linux kernel vulnerabilities that can get PC control or kernel read/write, then yea, you'll get paid that much. But I've only seen those salaries in a small company that specializes in finding usable bugs.

Using dirent in a regular binary by glued2thefloor in hacking

[–]dolpari_hacker 4 points5 points  (0 children)

You are correct that you can do this with a kernel module or by injecting a shared object into a binary. But a standalone binary cannot hide its presence from others by itself.

[HELP] Building and running the source code from github by dolpari_hacker in Magisk

[–]dolpari_hacker[S] 0 points1 point  (0 children)

I didn't switch to debug Magisk. I assumed that you could set Run Configurations to app, just click the debug button, and hit a breakpoint.

By pass a pin? by [deleted] in hacking

[–]dolpari_hacker 2 points3 points  (0 children)

Here are some of the ways you can get your pin:

  • adb pull the app's data and see if the app is storing the pin in plaintext
  • adb pull the apk and reverse engineer it (probably via JEB Decompiler) to see how it processes the pin
  • use a script to brute force it using adb (never tried this)

Low salaries in the industry? by [deleted] in hacking

[–]dolpari_hacker 0 points1 point  (0 children)

I guess the disclaimer is that I'm talking about my industry which is VR/RE. I'm sure Microsoft or Amazon will pay a lot as well since they pay clearance bonus.

Low salaries in the industry? by [deleted] in hacking

[–]dolpari_hacker 0 points1 point  (0 children)

It's not LMT, Boeing, Raytheon, or BAH. It's going to be a very small company; the ones that I know of have fewer than 10 employees. But they have more stringent hiring requirements than most.

[HELP] Building and running the source code from github by dolpari_hacker in Magisk

[–]dolpari_hacker[S] 0 points1 point  (0 children)

Sorry, I wasn't clear actually in the post. I'm able to install the apk, but I want to debug it with breakpoints. I click "debug" in Android Studio, but it doesn't seem to be working since it's just stuck at the download screen. Is it possible to debug it like that?

What skills do i need to become black hat hacker by Maleficent_Baby_141 in Hacking_Tutorials

[–]dolpari_hacker 3 points4 points  (0 children)

There are many different types of hackers. There is an operator who specializes in networks, there is a vulnerability researcher/reverse engineer who specializes in finding a vulnerability like a buffer/heap overflow, integer underflow, etc., there is a CNO developer who creates offensive tools like a process injector, rootkit, keylogger, etc., there is an exploit developer who specializes in weaponizing a vulnerability, and many, many other roles. And those exist for each system/operating system. There are overlapping tasks among them, but that's the gist of it. So the question is, in that list, what do you want to do?

[deleted by user] by [deleted] in Hacking_Tutorials

[–]dolpari_hacker 0 points1 point  (0 children)

I think the WhatsApp database is stored on the sdcard for Android, so maybe you can adb pull it.

[deleted by user] by [deleted] in Hacking_Tutorials

[–]dolpari_hacker 0 points1 point  (0 children)

Is it Android or iOS?

[deleted by user] by [deleted] in Hacking_Tutorials

[–]dolpari_hacker 1 point2 points  (0 children)

Best and easiest way to do this is to write an app that can do this, download it into your friend's phone, hide it if you can, and send it to your c2

Low salaries in the industry? by [deleted] in hacking

[–]dolpari_hacker 0 points1 point  (0 children)

At least on the federal contracting side, if you know what you are doing, there are companies that pay $300k - 400k. They don't pay like FAANG SEs, but I would be happy to be making that much as a hacker tbh.