Posts
Scavenger Security

SEGRUN: Userland unhooking abusing exception handlers

Inspired by the DEFCON 31 talk in Las Vegas, delivered by Carlos Polop and Yago, I decided to explore a concept from their presentation to develop a new technique. This method, largely unfamiliar t...

Hack.lu 2024 - Mutant [Cloud]

Mutant is an engaging challenge focused on exploiting a Kubernetes cluster. It had 14 solves, and I especially enjoyed taking advantage of the RBAC misconfiguration in the MutatingWebhookConfigurat...

bi0sCTF 2024 - Image Gallery I [Web]

Image Gallery 1 is an enjoyable and interesting web challenge on bi0sctf, with 22 solves. It’s particularly fascinating for me because it involves exploiting the browser’s local cache in a CTF sc...

EDR as a rootkit (OpenEDR)

Introduction Over the past few months, I have been working with a very interesting open source EDR called OpenEDR. As a Red Team operator, I have spent a significant amount of time evading EDRs ov...

IrisCTF 2024 - Memory [Pwn]

The provided code represents a kernel exploitation challenge, focusing on a vulnerable Linux device driver. The essential segment of the code is as follows: volatile const unsigned char data[] = "...

Cybercamp UMU - Gudari [Forensic]

Gudari is one of the challenges we created for the Cybercamp UMU CTF, organized in July 2023 by the University of Murcia in collaboration with the Cybersecurity Club of the Faculty of...

CVE-2021-43579: htmldoc: Stack buffer overflow in image_load_bmp()

On November 4th, 2021, a vulnerability was reported by Scavenger Security member 00xc, which was tagged as CVE-2021-43579. This vulnerability affects the open-source software htmldoc, which is used...

DEF CON CTF Qualifier 2023 - Open House [Pwn]

This year, we participated in DEF CON Quals CTF as members of the Quanterland team. We spent the entire weekend working diligently on an open-house binary exploitation challenge, which had 68 solve...

Bruteforcing forks to leak stack canary [Pwn]

In 2022 I learned a new technique to leak the stack canary with an interesting challenge developed by Animanegra. The challenge is called pwn7, and Animanegra was very insistent that I tried to sol...

HTB Cyber Apocalypse CTF 2023 - Interstellar C2 [Forensic]

Interstellar C2 - Difficulty: hard We noticed some interesting traffic coming from outer space. An unknown group is using a Command and Control server. After an exhaustive investigation, we discove...