The final part of our series on going from the foundations of exploit development to real-world exploitation, focusing on the critical skill of discovering and developing your own exploitation strategies in large applications.
Once you have the foundations of exploit dev, you might be wondering how to progress. We argue that you should take some time to learn the basics of vulnerability research.
So you've played some CTFs and got a handle on this exploit dev stuff. This is the start of a three-part series about making the jump into real-world exploitation.
tl;dr The rest of this goes into detail about what topics matter and why from each resource, but if you want to cut to the chase and ignore that...
* Prerequisites
  * C programming language
  * x86 Assembly (32bit and 64bit)
  * Linux terminal usage
* Exploit Education - Nebula [https://exploit.education/nebula/] - Start thinking like an attacker and learning to do research
* Open Security Training - Introduction to Software Exploitation [https://opensecuritytraining.info/E
Over the last year or so, I've been working with the OpenOrbis team to develop a toolchain for building homebrew for the PS4, and one of the challenges we faced was porting a proper libc to the console. This article dives into some of the interesting lessons learned while porting MUSL to the PS4.
With so many countries recommending self-isolation in the past little while, we thought it might be useful to recommend some excellent learning resources to help you make the most of the extra time you might find yourself with. These are generally solid resources that will also be entertaining and engaging to work through, with a focus on beginner-friendly resources. We've also put out a YouTube video discussing all of these points along with some side discussion about stuff like whether o
Plenty of websites are offering deals for Black Friday; these are the places we plan to check out.
Over the past few weeks, those of you who frequent the DAY streams over on our Twitch may have seen me working on trying to understand the recent Android Binder Use-After-Free (UAF) published by Google's Project Zero (p0). This bug is actually not new: the issue was discovered and fixed in the mainline kernel in February 2018. However, p0 discovered that many popular devices did not receive the patch downstream. Some of these devices include the Pixel 2, the Huawei P20, and Samsung Galaxy S7, S8,