
Introduction to Frida - Android Pentesting (Part 1)
Practical introduction to Frida on Android: setting up the environment (ADB + frida-tools + frida-server) and solving several basic exercises with JavaScript scripts.

Practical write-up of a 64-bit ELF with format string and buffer overflow to leak libc/PIE/canary and build a ROP that bypasses NX, ASLR, PIE, and stack canary.

MITM with ARP poisoning and mitmproxy: intercept traffic in transparent mode, redirect with iptables, and modify responses on the fly using scripts with mitmdump.

Write-up of simple CTF challenges (web and stego/crypto): type juggling in PHP, impossible conditions with is_numeric, hidden parameters in source, and stego with Stegsolve/hex.

Description of Frolic (HackTheBox): medium-level Linux machine that exploits a web service through multiple enumeration steps (Ook, base64, ZIP, brainfuck) to obtain shell access, and then escalates to root via ret2libc on a setuid binary with NX enabled and ASLR disabled.

Video write-up of Brainpan (Vulnhub) focused on practising buffer overflow in Windows for OSCP using Mona.

Step-by-step explanation and PoC of the chain of vulnerabilities in WordPress 5.1 (patched in 5.1.1): CSRF in comments → Stored XSS via wp_kses bypass → RCE by editing plugin as administrator. Requires victim interaction (visiting malicious page).

Two real techniques for bypassing captive portals on WiFi networks: MAC cloning (weak authentication) and DNS tunnelling with iodine (for more secure portals). Updated with modern tools, best practices, and security recommendations.

Practical summary of port forwarding/tunnelling techniques in Linux and Windows (SSH, socat, netcat, meterpreter, plink, and netsh) for accessing internal services behind firewalls.

Proof of Concept (PoC) for the WinRAR CVE-2018-20250 vulnerability, allowing remote code execution by extracting malicious files to arbitrary directories. Step-by-step guide to create a malicious ACE file that executes a payload on system startup.

Protostar Stack6: when you can't jump to the stack, it's time for ret2libc. Offset calculation and use of system(), exit() and '/bin/sh' from libc to execute a shell.

Protostar Stack5: first "classic" buffer overflow with shellcode injection, offset calculation, EIP control, and use of NOP sled to stabilise addresses.