This post is based on this article from google project zero. For more details please read their awesome post, I will just give a brief overview. Microsoft (R) Diagnostics Hub Standard Collector Se...

In this short writeup I will show how I completed Access on hackthebox.eu, a quite easy windows box that involves parsing credentials from ms office files, converting mail formats and accessing sav...

This post is a walkthrough of Zipper, an interesting machine on hackthebox.eu featuring the zabbix network monitoring application. It involves the application of known zabbix exploits, manipulation...

In this post I will give a quick walkthrough on Giddy from hackthebox.eu. The machine involves (automated) sql injection, stealing ntlm hashes via sqli and the exploitation of vulnerable service fo...

Ypuffy is a rather unique machine on hackthebox.eu because it features OpenBSD as operating system. In my version of getting root it didn’t matter too much unfortunately because a public kernel exp...

LimeSurvey is a widely used open source application that allows it to create surveys with various features. For this post I will use LimeSurvey Version 2.72.3+171020 which contains a known vulnerab...

DynamoRIO comes with a handy tool to generate code coverage data for any program. To generate the data we need to use drrun with the drcov client. For this post we will generate coverage data for a...

DynamoRIO (https://dynamorio.org/) is a dynamic binary instrumentation framework that allows to manipulate binary code at runtime. The framework can be used to build various tools for program analy...