Photo by Shannon Litt on Unsplash

Sudo Heap Overflow CVE-2021-3156

Replicating CVE-2021-3156 with AFL


Author: Andres Roldan

Category: attacks

Tags: fuzzing,  vulnerability,  hacking,  exploit,  discovery

In this article we will be able to reproduce the bug described on CVE-2021-3156 using fuzzing.



Photo by Christina @ wocintechchat.com on Unsplash

HEVD: Local Privilege Escalation

Local Privilege Escalation


Author: Andres Roldan

Category: attacks

Tags: osee,  training,  exploit,  windows,  kernel,  hevd

In this article we will be able to perform a Local Privilege Escalation using an exploit to HEVD



Photo by Michael Dziedzic on Unsplash

HEVD: kASLR + SMEP Bypass

Bypassing OS protections


Author: Andres Roldan

Category: attacks

Tags: osee,  training,  exploit,  windows,  kernel,  hevd

In this article we will defeat some protections using several techniques for exploting HackSys...



Photo by Chaozzy Lin on Unsplash

HEVD: Denial of Service

How to crash Windows


Author: Andres Roldan

Category: attacks

Tags: osee,  training,  exploit,  windows,  kernel,  hevd

This article will be the first approach to start exploting HackSys Extremely Vulnerable Driver...



Photo by Wesley Caribe on Unsplash

Windows Kernel Exploitation: Lab

Getting in the deeps of the OS


Author: Andres Roldan

Category: attacks

Tags: osee,  training,  exploit,  windows,  kernel,  hevd

This post will guide you to setup a lab environment for start exploiting Windows Kernel drivers



Photo by Clovis WOOD on Unsplash

A Recent OSCE in Our Team

A short interview with Andres Roldan


Author: Felipe Ruiz

Category: interview

Tags: interview,  red-team,  osce,  training,  exploit,  software

We spoke with Andres Roldan, our Offensive Team Leader, who recently obtained his OSCE...



Photo by Syed Ali on Unsplash

TRUN: Exploiting with ROP

Exploiting Vulnserver with ROP


Author: Andres Roldan

Category: attacks

Tags: osee,  training,  exploit,  vulnserver

This post will show how to create a complete, functional exploit creating a complex shellcode using ROP



Photo by Michael Dziedzic on Unsplash

Bypassing DEP with ROP

Running instructions by reference


Author: Andres Roldan

Category: attacks

Tags: osee,  training,  exploit

This post will show how bypass the Data Execution Prevention security mechanism using...



Photo by Chris Panas on Unsplash

Understanding DEP

Let's protect the stack


Author: Andres Roldan

Category: attacks

Tags: osee,  training,  exploit

This post will show how the Data Execution Prevention (DEP) security mechanism works and what...



Photo by Joshua Earle on Unsplash

A Journey to OSCE

A personal OSCE experience


Author: Andres Roldan

Category: attacks

Tags: osce,  training,  exploit

This post will describe the journey that I took to earn the OSCE certification.



Photo by Keagan Henman on Unsplash

Exploiting MiTeC NetScanner

Tricky SEH exploit


Author: Andres Roldan

Category: attacks

Tags: osce,  vulnerability,  training,  exploit

This post will show how to build our version of an exploit for NetScanner 4.0.0.0, which was...



Photo by Pierre Binet on Unsplash

Vulnserver Reverse Engineering

The devil is in the details


Author: Andres Roldan

Category: attacks

Tags: osce,  vulnserver,  training,  vulnerability,  exploit

This post will show how use reverse engineering techniques and tools to find vulnerabilities on...



1 2 >

OWASP logo

Corporate member of The OWASP Foundation

Clutch Review
Service status - Terms of Use - Privacy Policy - Cookie Policy

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.