The Grey Corner

Stephen Bradshaw's blog about pentesting and computer security

Offensive Security Feed Offensive Security Notes

© 2023.

Tags

antivirus 2 backtrack 4 buffer overflow 10 compiler 2 cryptographic attack 1 cryptography 2 ctf 1 CVE-2022-46164 1 dante 1 debugging 3 deserialization 1 dradis 1 egghunter 3 exploit tutorial 10 fuzzing 2 hackthebox 1 heap overflow 1 incident response 5 JavaScript 1 java 1 jekyll 1 libnmap 1 links 2 malicious pdf 5 malware analysis 5 nmap 1 NodeBB 1 omlette 1 outside article 7 pentesting 10 poc 1 prefix 1 prototype 1 python 1 restrictive proxies 4 review 1 rhino 2 SafeSEH 4 SEH 4 shellcode 17 software 10 sql injection 1 sqlmap tamper script 1 sqlmap test payload 1 sqlmap troubleshooting 1 sqlmap 1 ssltest 5 stack based buffer overflow 10 stack overflow 10 suffix 1 theory 1 tips 1 tutorial 11 use after free 2 vulnserver 8 windows buffer overflow 10 windows stack based buffer overflow 9 ysoserial 1

antivirus

backtrack

buffer overflow

compiler

cryptographic attack

hlextend Pure Python hash length extension module 23 Aug 2014

cryptography

ctf

OpenSSL Conversion, Display and Encryption Commands for Pentesters 28 Sep 2015

CVE-2022-46164

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

dante

Hackthebox Dante Review 15 Dec 2021

debugging

deserialization

CommonCollections deserialization attack payloads from ysoserial failing on > JRE 8u72 01 May 2016

dradis

Running Dradis in Apache on Ubuntu 21 May 2011

egghunter

exploit tutorial

fuzzing

hackthebox

Hackthebox Dante Review 15 Dec 2021

heap overflow

The Difference Between Heap Overflow and Use After Free Vulnerabilities 31 Mar 2010

incident response

JavaScript

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

java

CommonCollections deserialization attack payloads from ysoserial failing on > JRE 8u72 01 May 2016

jekyll

Moving to Jekyll 08 Oct 2020

libnmap

List comprehension one liners to extract info from nmap scans using Python and libnmap 30 Apr 2016

links

malicious pdf

malware analysis

nmap

List comprehension one liners to extract info from nmap scans using Python and libnmap 30 Apr 2016

NodeBB

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

omlette

Omlette Egghunter Shellcode 31 Oct 2013

outside article

pentesting

poc

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

prefix

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

prototype

CVE-2022-46164 Account takeover via prototype vulnerability in NodeBB 04 Jan 2023

python

List comprehension one liners to extract info from nmap scans using Python and libnmap 30 Apr 2016

restrictive proxies

review

Hackthebox Dante Review 15 Dec 2021

rhino

SafeSEH

SEH

shellcode

software

sql injection

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap tamper script

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap test payload

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap troubleshooting

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

sqlmap

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

ssltest

stack based buffer overflow

stack overflow

suffix

Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1 05 Jan 2017

theory

The Difference Between Heap Overflow and Use After Free Vulnerabilities 31 Mar 2010

tips

Hackthebox Dante Review 15 Dec 2021

tutorial

use after free

vulnserver

windows buffer overflow

windows stack based buffer overflow

ysoserial

CommonCollections deserialization attack payloads from ysoserial failing on > JRE 8u72 01 May 2016