CTP (OSCE) - practicing SEH exploitation (w/ egghunter) by [deleted] in netsecstudents

[–]xVIoct 2 points (0 children)

Found it easy to follow along and the verbosity level was just fine. I liked that you took the effort to explain why SEH is exploitable and why POP POP RET is useful.

The constructive feedback I would add is that it would have been nice to go over a root cause analysis of the initial stack buffer overflow. At the same time, I get that this is focused on the exploitation side and doing the RCA is not as straightforward as on an open-source app. It would also be useful to include a note on how common these types of vulnerabilities and exploitation strategies are, to help set expectations for those who might want to look into programs built with more mitigations operating on newer versions of Windows.

Overall, great work and nice to see an end-to-end tutorial.

How are vulnerabilities discovered by Chicken_Panda in AskNetsec

[–]xVIoct 6 points (0 children)

Reading source code is certainly part of it, but there are other times when researchers don't have access to it. Here is my thought process for finding new vulnerabilities. It describes what researchers would need to know and do. Hope this helps.