Starting Drivers

Driver Tut Well, it’s back to my roots boys. No, I’m not watching the show Roots with LeVar Burton playing his iconic role as Kunta Kinte, though I do recommend that, I’m going to talk to you about DRIVERS. WDM Drivers to be exact. In my last post I found...

Hacky Scripting Fun

Fuuucking hell. OK so I lost this post earlier and have been working on some dumb shit. Here’s my goal: use some hacky ass python script along with DIBF for IOCTL discovery against every open handle in the OS. How do you get every open handle in the OS? I...

Kernel Reving

Kernel Stuff So hunting in explorer.exe is all well and good, and I’ve been enjoying it. However, I need to get ready for a course I’m giving on the 31st of January! If you’re not familiar with our HTP green belt course (https://www.hyperiongray.com/htp) we focus heavily on Windows 10 kernel...

Fusssing

Alright tired today but doing two things. One fuzzing: /* SHSTDAPI SHParseDisplayName( PCWSTR pszName, IBindCtx *pbc, PIDLIST_ABSOLUTE *ppidl, SFGAOF sfgaoIn, SFGAOF *psfgaoOut ); */ #include <shlobj_core.h> #include <shlobj.h> #include <shlwapi.h> #include <iostream> #include <objbase.h> #include <string.h> #include <stdio.h> #include <stdlib.h> int OohBabyIneedSomeFuzz(const uint8_t *Data) { ULONG *ulong; LPCWSTR str2 =...

Picking Up the Pieces

OK maybe that’s a dramatic title. Anyway, I was on day 4 or 5 or whatever of my 20 days of 0-day, a stupid little challenge I made for myself. Then I had an idea: I’ve always hated WinDBG, the syntax is fucked, writing scripts sucks, and overall I hate...

Moar Fuzz 3 - Electric Tree!!!

Sorry for the nonsensical title. I’m a little drunk. Anyway, here’s a crash: ==15384==ERROR: AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x0000004df3e0 #0 0x7ff6c5231fd4 in __sanitizer::BufferedStackTrace::UnwindImpl(unsigned __int64, unsigned __int64, void *, bool, unsigned int) C:\src\llvm_package_1100-final\llvm-project\compiler-rt\lib\asan\asan_stack.cpp:77 #1 0x7ff6c524d646 in __asan::asan_malloc_usable_size(void const *, unsigned __int64, unsigned __int64) C:\src\llvm_package_1100-final\llvm-project\compiler-rt\lib\asan\asan_allocator.cpp:986...

MoarMoar Fuzz!!!

Alright back at it on 12/16/2020. I had a thought while I was away (side note: sometimes it helps to step away for a few hours or the rest of the day and come back to a problem. You’ll always think of something good, trust me on this.). By the...

Unfinished CPU notes for Win10 x64

The other day the power was out so I decided to write up a little tutorial on CPUs and Windows 10. tl;dr they work just like you’d see in most systems. Here’s the totally incomplete tutorial. Windows 10 x64 and CPUs x64 sports spiffy new names for its registers. If...

Getting more targeted

Continuing with the fuzz and getting more targeted OK folks, back at it this evening (wtf am I a weatherman??). Since I’ve found ~10 0-days in the Shell32/explorer.exe automation library I think it’s time we admit that I’m going to be finding 0-days all fucking day in this thing. So...

Fuzzing interlude

Fuzzing Interlude As I was doing all of the above I realized I was ready to start some vulnerability hunting. We’ll start with the basics and work our way into more and more complicated stuff. Kernel-land, despite having a lot of stuff to learn this is kinda random (64 byte...

Hacker's Journal

Honggfuzz vs. Apache httpd - FIGHT Hi All, in keeping with the theme of quick iterative notes on wtf I’m up to here is how to get Honggfuzz up and running against Apache httpd. The creators of Honggfuzz have wisely and kindly created a process for fuzzing. That means a...

Hacker's Journal

Welcome to Gray Area: Hackers Notes Below is a place where I will keep some notes related to hacking, any courses I take, and any research that I do. I’ll try to be good about keeping this updated, but if it ever gets out of date, please open an issue...

Journal

Well it fucking happened. I stopped writing to this blog for a while. Who saw that coming? Anyway I’m making a comeback. The delay in posts was caused by 🏥 - me being in the fucking hospital. Some highlights: perforated intestine, lost...