Stickied Posts

Recent Posts

HITB GSEC Qualifiers 2018 - Baby Pwn (Pwn)

3 minute read

Using a format string attack on a remote server, an attacker can leverage certain data structures present in a running Linux process to ascertain key address...

HITB GSEC Qualifiers 2018 - Baby Nya (Web)

2 minute read

An exposed Apache JServ Protocol server allows an attacker to proxy requests to Tomcat server running Jolokia. The Jolokia instance allows the attacker to cr...