HEVD – Race Condition – Windows 10 Pro – SMEP, kCFG, kASLR protections 文章介绍了如何利用HEVD中的Race Condition（Double-Fetch）漏洞进行攻击。通过分析漏洞机制和源代码，展示了如何在Windows 10中绕过保护并执行Shellcode。... 2025-7-11 11:0:14 | 阅读: 13 | 收藏 | Happy Hacking! - xavibel.com hevd doublefetch memory windows

HEVD: Write-What-Where – Windows 10 Pro (SMEP, kCFG, kASLR) 文章详细介绍了如何在Windows 10 Pro中利用HackSys Extreme Vulnerable Driver (HEVD)中的Write-What-Where漏洞进行攻击。通过驱动安装、辅助函数开发、漏洞识别与利用以及保护绕过等步骤，最终实现了对内核内存的任意读写，并成功绕过kCFG和SMEP等安全机制，执行恶意shellcode以获取系统权限。... 2025-7-1 16:10:46 | 阅读: 13 | 收藏 | Happy Hacking! - xavibel.com shellcode ulonglong hhevd

CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Death Note Hello everyone!As I explained in the last blog entry, I have participated with my job teamm... 2024-3-17 22:51:8 | 阅读: 13 | 收藏 | Happy Hacking! - xavibel.com xf0 x9f x80 x92 memory

CTF Binary Exploitation – Cyber Apocalypse 2024: Hacker Royale – Pet Companion Hello everyone!Today I want to write a couple of write-ups of a CTF tha... 2024-3-17 19:51:53 | 阅读: 11 | 收藏 | Happy Hacking! - xavibel.com payload junk overflow behaviour pwntools

Shellcode – Windows/x86 – Create Administrator User – Dynamic PEB & EDT Hello everyone,Recently I’ve been learning about Windows x86 shellcoding and I decided... 2023-1-18 20:42:3 | 阅读: 52 | 收藏 | Happy Hacking! - xavibel.com neg shellcode netuseradd netapi32

Creating your own AMSI bypass using Powershell reflection technique IntroductionToday I was reviewing one of the most intersting modules of OSEP certificati... 2022-11-3 19:17:52 | 阅读: 38 | 收藏 | xavibel.com powershell memory funcaddr2 assem lookupfunc

Linux Shared Library Hijacking Hello everyone!In this blog post I would like to cover an interesting topic that is no... 2022-9-6 21:43:59 | 阅读: 36 | 收藏 | xavibel.com library x6a x05 x0f par

Protostar – Format Strings – Level 4 Hello everyone!This is the blog post for the level 4 format level of Protostar, that is... 2020-11-29 04:59:35 | 阅读: 231 | 收藏 | xavibel.com decimal 0x8049724 0x80484b4 33979 protostar

Protostar – Format Strings – Level 3 This is another post about Protostar exploiting box. Let’s start working in the interesting... 2020-11-23 02:35:47 | 阅读: 255 | 收藏 | xavibel.com x96 x04 x08 aaaa memory

Protostar – Format Strings – Level 2 Hello everyone,Let’s continue working in Protostar exploit exercises... 2020-11-23 00:31:27 | 阅读: 280 | 收藏 | xavibel.com protostar osce fgets memory vuln

Protostar – Format Strings – Level 1 Let’s continue working in ProtoStar exploiting exercises. Let’s see how... 2020-11-08 02:45:23 | 阅读: 242 | 收藏 | xavibel.com format1 memory python objdump x96

Protostar – Format Strings Hello everyone! In this blog post I will cover the solution for the Expl... 2020-11-08 01:29:18 | 阅读: 214 | 收藏 | xavibel.com 64d xef python xad

Introduction to Format Strings Bugs Format strings are the result of facilities for handling functions with variable arguments... 2020-10-19 02:37:05 | 阅读: 265 | 收藏 | xavibel.com protostar decimal vuln lains

CVE-2020-10963 – Unrestricted File Upload in FrozenNode/Laravel-Administrator Hi all,This time, we want to show you how we achieved unrestricted file upload in the Larav... 2020-03-24 07:53:40 | 阅读: 202 | 收藏 | xavibel.com php frozennode remote development migrate

CVE-2020-8088 – UseBB Forum 1.0.12 – PHP Type Juggling vulnerability Hello!Last week I was reading about PHP Type Juggling vulnerabilities and I decided to s... 2020-01-23 03:55:43 | 阅读: 235 | 收藏 | xavibel.com php aabc9rqs passwd userdata aabg7xss

Siemens Polarion – CVE-2019-13934, CVE-2019-13935, CVE-2019-13936 Hello,I write this blog post for people that is just starting in web application hacking... 2019-11-25 23:29:12 | 阅读: 205 | 收藏 | xavibel.com polarion siemens subversion

Siemens Polarion – CVE-2019-13934, CVE-2019-13935, CVE-2019-13936 Hello,I write this blog post for people that is just starting in web application hacking... 2019-11-25 22:29:12 | 阅读: 18 | 收藏 | xavibel.com polarion siemens subversion

MobaXterm Buffer Overflow – Malicious Sessions File import Hello!In this blog post I will talk about the exploitation of a vulnerability that I di... 2019-09-02 01:46:25 | 阅读: 198 | 收藏 | xavibel.com shellcode x4e safeseh mobaxterm nseh

SEH based local Buffer Overflow – DameWare Remote Support Hello everyone!At this blog post I’m going to speak about a vulnerability that I detecte... 2019-09-01 05:48:24 | 阅读: 211 | 收藏 | xavibel.com shellcode seh memory venetian dameware

Bypassing Kaspersky AntiVirus 2018 Hello,In this blog post I’m going to show how to do a trick to bypass the Kaspersky 2018 AV... 2019-08-07 16:43:56 | 阅读: 170 | 收藏 | xavibel.com bypass encoder bypassed sled encrypting