Recent posts

Deep Analysis of KSLØT Keylogger (Turla APT)

First I used **DIE** to see what type of binary we have, It seems that it's a 64 bit DLL. Next I loaded the dll into ...

5 minute read

Phoenix - Final One

If you take a quick look at the code you can spot the format string bug in **logit** function, let's trace back to fi...

4 minute read

Phoenix - Final Zero

This level has a classic stack buffer overflow through **gets** function, so we inject our shellcode in the buffer th...

4 minute read

Phoenix - Net Two

This level gets 64 random bytes and stores them in **quad** then it loops over **quad** 8 bytes at a time and adds th...

1 minute read

Phoenix - Net One

This code generates 4 random bytes integer and sends to to the receiver as raw bytes. The goal here is to convert the...

1 minute read

Phoenix - Net Zero

The goal of this level is to read a random number from a server (localhost in this case) and send it back in little e...

1 minute read

Phoenix - Heap Three

This level is by far the hardest one and I learned a lot from it, I really encourage you to read through the referenc...

9 minute read

Phoenix - Heap Two

The is a classic use-after-free (**UAF**) exploit, if we enter **"auth AAAA"** the code allocates memory and stores i...

3 minute read