Secure Way to Store Passwords
Store password in clear text (insecure): If the attacker successfully compromises the database, they gain access to all passwords, allowing them to log in as any user. Store a password hash ge...
I was always curious about how the actual remote code execution occurs during the Insecure Deserialization process. So I thought of giving a try to understand the known harmful gadgets from commons...
Concept of Serialization: The process of converting the state of an object into a stream of bytes is called serialization. The purpose of serialization is to save the object’s state to the file system ...
Linux binary exploitation is a fascinating topic. A big thanks to my good friend vampire, who provided me with this challenge and guided me through a complex stack canary bypass technique. The pri...
At DEFCON #16, there was an interesting session on HP OpenView NNM exploitation “from bug to 0 day” presented by muts. While watching his walk-through, I found that this particular exploit developm...