Techblog and Security
This question has been asked several times by various users: „Can we get an authentication mechanism for Perlite?“ For those who don’t know what Perlite is: it’s a web app that lets you easily host your Markdown/Obsidian files on the internet yourself. For more information, see the Github repository. Perlite. authentik is a self-hosted, open
Continue Reading „Perlite – Access Control via Authentik“
A Il2cpp scaffold is a ready to use (and to inject) DLL, which give us access to every type definition, object and method from the game and also provides a il2cpp helper API. As I was playing around with some game manipulations for the Game A Tainted Grail – The Fall of Avalon I got
Continue Reading „Il2Cpp Injection and Hooking via Scaffolding“
This post is a follow-up of the How to mod a simple Android App post and heavily based on this great article https://hacking.kurcin.com/android/use-frida-to-controll-unity-app-il2cpp/ Background about this Project I chose a game that I know and that I played myself for a while, this helps to identify useful methods and properties where you want to hook
Continue Reading „How to Patch a Android Unity Game“
Background about this Project This post is about how to reverse and modify the simple Android Dice Roller! app. The app was randomly chosen by me, I wanted to start with something simple, so: Before you start always check, if you can decompile, compile, sign, install and lunch the app, some apps wont run with
Continue Reading „How to mod a simple Android App“
Recently I started to dive deeper into the topic „LPE on Windows“, obviously one of the first things you will learn is to look what runs as system and does it load anything were you have write access to. The Theory I started my learning with some very educating sources about DLL Ghosting and Sideloading.
Continue Reading „Hunting for LPEs in Gaming Software“
How to Start So, that´s a really good question and not easy to answer, it really depends on the goals and knowledge you have, but I`ll try to break this down. For a really first start I can recommend the following sources: Also read my other post about Things i wanted to know before i
Continue Reading „How to start with Buffer Overflows (Linux)“
Entry This Post is about different issues and challenging moments I encountered during my learning experience with Buffer Overflows and wished I knew before. This is not a guide how BOFs are working or how to learn this topic. Watch these two videos from LiveOverflow, these will really save you some time if your exploit
Continue Reading „Things I wanted to know before I started with Buffer Overflows“
A few weeks ago i just started with binary exploitation and as learning and understanding this topic is not enough challenging, i encountered different problems with the tools and some basics. One of these problems i will describe today. Intro there are many good tutorials, challanges and ctfs out there, where you can start learning
Continue Reading „pwntools, gdb, gdbserver and pwndbg with 32 bit binaries“
Doing one of the recent HTB Boxes i came across the tool https://nettools.net and learned how you can retrieve gMSA passwords with it: https://nettools.net/howto-retrieving-gmsa-password-details/ Additional to the howto from NetTools you can change the encoding for the desired attribute to only retrieve the current password this will print you only the current password as hex
Continue Reading „gMSA Passwords“
Seit Windows Server 2019 kann der openSSH Server über die Features oder per Powershell einfach nach installiert werden. Siehe Windows Server 2019 openSSH. Aber auch für Windows Server 2016 und älter besteht die Möglichkeit openSSH als Server Variante einfach zum laufen zu bekommen: Windows Server 2016 openSSH. In dem Beitrag geht es um das Einschränken
Continue Reading „openSSH commands unter Windows absichern“