• Blackhat Hardware Training Roadmap –
    This diagram is intended to give an overview of many of the hardware-related trainings available at Black Hat USA 2017. Generally, lower level hardware is at the bottom and more software to the top.


  • screen2root –
    On systems where screen is version 4.5.0 (Screen version 4.05.00 (GNU) 10-Dec-16), and setuid root, you can use it to create arbritary files with root permissions containing arbritary content.


  • Attacking Yourself First –
    If you’re doing this on a budget, you have a few ways to go about this. You can either use old machines you have laying around to install OSes and applications on and attack those systems or you can do something virtualized.
  • Pass the Hash with Ruler –
    A while back I was asked (I think by @singe, but there were others as well) if it was possible to do Pass the Hash (PtH) with Ruler. Figuring this was a great idea, and seeing as I was actively working on some NTLM related code for Ruler, I did a quick implementation.
  • 0day writeup: XXE in –
    Today I’d love to share an interesting XXE in a popular product of company, which could give access to backups of all users in a given company.
  • WAP just happened to my Samsung Galaxy? –
    This blog completes the journey (for now) and describes some of the bugs that we found, potential attack scenarios and the process of responsible disclosure that we followed to get the bugs fixed.


Other News

  • HackingTogether –
    Many of us dove into the world of computers and the Internet because it was a place of acceptance. But there is a dark side to this world, it’s too easy to disconnect, to miss those markers when all you see is what someone tweets, or IMs. We can’t see when you hurt, or when you cry.
  • Things Every Hacker Once Knew –
    One fine day in January 2017 I was reminded of something I had half-noticed a few times over the previous decade. That is, younger hackers don’t know the bit structure of ASCII and the meaning of the odder control characters in it.