The Egg Series: How Eggxactly Insecure Deserialization Exploit works – Part 1

0

A lot of people I ask, fail to clearly explain how the Insecure Deserialization exploits work. It is often hard to confirm and exploit. I wanted to learn deeper about this vulnerability. So I decided to give a talk at Null Hyderabad‘s June meet. This blog is write-up of the same content delivered in the meetup. This is the second episode of “The Egg Series”.

Continue reading

How Eggxactly Buffer Overflow Flaws Work? Part 1: Preparing for Overflow

0

I’m not sure about you, but I used to see news about some components suddenly known to be vulnerable to Buffer Overflow and the vendor released an emergency patch. I never had a chance to understand the Weakness in detail. I knew it’s another type of Remote Code Execute (RCE) but never explored. If you’re like me, let’s attempt to explore it, understand how eggxactly it happens, how to reproduce a Simple Buffer Overflow to get a reverse shell.

Continue reading

Asked Hall of Fame but Uber gave me Rs.2 lacs

2

#BugBounty.. I started with it a few months back. The real challenge that a newbie bounty hunter face is the “Competition”. Whenever a new program is announced on hackerone or bugcrowd, within a very few hours, 100s of reports are being submitted. All the low hanging fruits are gone! But I wanted to grab some from my fellow hunters. Here’s the story how I got lucky with Uber recently.

Continue reading