Hacker's Journal


27 March 2020 at 04:00
Browser Fuzzing (tags: hacking). Well it fucking happened. I stopped writing to this blog for a while. Who saw that coming? Anyway I’m making a comeback. The delay in posts was caused by 🏥 - me being in the fucking hospital. Some highlights: perforated intestine, lost...

Hacker's Journal

8 December 2020 at 05:00
Welcome to Gray Area: Hackers Notes Below is a place where I will keep some notes related to hacking, any courses I take, and any research that I do. I’ll try to be good about keeping this updated, but if it ever gets out of date, please open an issue...

Hacker's Journal

9 December 2020 at 05:00
Honggfuzz vs. Apache httpd - FIGHT Hi All, in keeping with the theme of quick iterative notes on wtf I’m up to here is how to get Honggfuzz up and running against apache http. The creators of Honggfuzz have wisely and kindly created a process for fuzzing. That means a...

Fuzzing interlude

10 December 2020 at 05:00
Fuzzing Interlude As I was doing all of the above I realized I was ready to start some vulnerability hunting. We’ll start with the basics and work our way into more and more complicated stuff. Kernel-land, despite having a lot of stuff to learn this is kinda random (64 byte...

Getting more targeted

14 December 2020 at 05:00
Continuing with the fuzz and getting more targeted OK folks, back at it this evening (wtf am I a weatherman??). Since I’ve found ~10 0-days in the Shell32/explorer.exe automation library I think it’s time we admit that I’m going to be finding 0-days all fucking day in this thing. So...

Unfinished CPU notes for Win10 x64

14 December 2020 at 05:00
The other day the power was out so I decided to write up a little tutorial on CPUs and Windows 10. tl;dr they work just like you’d see in most systems. Here’s the totally incomplete tutorial. Windows 10 x64 and CPUs x64 sports spiffy new names for its registers. If...

MoarMoar Fuzz!!!

16 December 2020 at 05:00
Alright back at it on 12/16/2020. I had a thought while I was away (side note: sometimes it helps to step away for a few hours or the rest of the day and come back to a problem. You’ll always think of something good, trust me on this.). By the...

Moar Fuzz 3 - Electric Tree!!!

17 December 2020 at 05:00
Sorry for the nonsensical title. I’m a little drunk. Anyway, here’s a crash:
==15384==ERROR: AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x0000004df3e0
    #0 0x7ff6c5231fd4 in __sanitizer::BufferedStackTrace::UnwindImpl(unsigned __int64, unsigned __int64, void *, bool, unsigned int) C:\src\llvm_package_1100-final\llvm-project\compiler-rt\lib\asan\asan_stack.cpp:77
    #1 0x7ff6c524d646 in __asan::asan_malloc_usable_size(void const *, unsigned __int64, unsigned __int64) C:\src\llvm_package_1100-final\llvm-project\compiler-rt\lib\asan\asan_allocator.cpp:986...

Picking Up the Pieces

25 December 2020 at 05:00
OK maybe that’s a dramatic title. Anyway, I was on day 4 or 5 or whatever of my 20 days of 0-day, a stupid little challenge I made for myself. Then I had an idea: I’ve always hated WinDBG, the syntax is fucked, writing scripts sucks, and overall I hate...


28 December 2020 at 05:00
Alright tired today but doing two things. One fuzzing:
/*
SHSTDAPI SHParseDisplayName(
  PCWSTR pszName,
  IBindCtx *pbc,
  PIDLIST_ABSOLUTE *ppidl,
  SFGAOF sfgaoIn,
  SFGAOF *psfgaoOut
);
*/
#include <shlobj_core.h>
#include <shlobj.h>
#include <shlwapi.h>
#include <iostream>
#include <objbase.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
int OohBabyIneedSomeFuzz(const uint8_t *Data) {
  ULONG *ulong;
  LPCWSTR str2 =...

Kernel Reving

31 December 2020 at 05:00
Kernel Stuff So hunting in explorer.exe is all well and good, and I’ve been enjoying it. However, I need to get ready for a course I’m giving on the 31st of January! If you’re not familiar with our HTP green belt course (https://www.hyperiongray.com/htp) we focus heavily on Windows 10 kernel...

Hacky Scripting Fun

7 January 2021 at 05:00
Fuuucking hell. OK so I lost this post earlier and have been working on some dumb shit. Here’s my goal: use some hacky ass python script along with DIBF for IOCTL discovery against every open handle in the OS. How do you get every open handle in the OS? I...

Starting Drivers

8 January 2021 at 05:00
Driver Tut Well, it’s back to my roots boys. No I’m not watching the show roots with Levar Burton playing his iconic role as Kunta Kintay, though I do recommend that, I’m going to talk to you about DRIVERS. WDM Drivers to be exact. In my last post I found...