Failed patches are a norm in our industry, unfortunately. I had to examine the patch for my CVE-2019-12181 vulnerability to see if it was secure.

I found a stable privilege escalation 0day in the Serv-U FTP Server through command injection. This is how I found and exploited it.

I often take breaks from vulnerability hunting, and occasionally I find myself doing some really random things. For example, I stumbled across this poster and decided to make a version of my own. I wanted to make one that is slightly more offensive so that it can be gifted to a good friend. Here is the final result.

In this post I list all the popular vulnerability research and reverse engineering tools. In each category I first listed the tool(s) I personally use, and then followed with alternatives. Pirating software is illegal, but all of the payed programs can be found on pirate websites ;).

The value in an uninitialized variable is one of: zero, a compiler dependent value \(such as 0xCC's in visual studio\), or data previously stored in that memory location (old data). Let's examine why.