<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>tortel.li</title>
    <link>https://tortel.li/</link>
    <description>Recent content on tortel.li</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Fri, 01 Sep 2023 15:00:00 +0200</lastBuildDate><atom:link href="https://tortel.li/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>filepath.Clean: terms and conditions apply</title>
      <link>https://tortel.li/post/dirty_filepath/</link>
      <pubDate>Fri, 01 Sep 2023 15:00:00 +0200</pubDate>
      
      <guid>https://tortel.li/post/dirty_filepath/</guid>
      <description>At least once in their career, every Go programmer has had to write code that interacts with the filesystem. For example, if our application needed to handle some documents, we probably had to write code that handled the files and saved them under a directory.
We may have ended up writing code that resembles this:
p := filepath.Join(uploadsDirectory, userChosenFileName)
f, err := os.OpenFile(p, os.O_RDWR|os.O_CREATE, 0755)
if err != nil { return err }
f.</description>
    </item>
    
    <item>
      <title>Unauthenticated RCE on a RIGOL oscilloscope</title>
      <link>https://tortel.li/post/insecure-scope/</link>
      <pubDate>Wed, 08 Feb 2023 14:59:51 +0100</pubDate>
      
      <guid>https://tortel.li/post/insecure-scope/</guid>
      <description>I work in a company that uses custom electronic boards, so there are plenty of instruments floating around that electrical engineers employ to debug faulty connections and solderings.
One kind of tool used is the oscilloscope, a tool that measures signals and plots them in a graphically understandable way. We have a bunch of them, yet only one model in particular caught my attention, because it has a web interface!
I was super curious so I decided to try and (digitally) crack it open.</description>
    </item>
    
    <item>
      <title>Fastbin dup with tcache</title>
      <link>https://tortel.li/post/fastbin_dup/</link>
      <pubDate>Tue, 30 Aug 2022 15:09:57 +0200</pubDate>
      
      <guid>https://tortel.li/post/fastbin_dup/</guid>
      <description>While learning the fastbin dup attack, all the online resources I found made the same assumptions: GLIBC is either compiled without tcache support, or in one of the exploit steps calloc is called instead of malloc, and that made me confused.
In this article I will cover how to use the fastbin dup attack with a modern GLIBC and shed some light on this exploitation technique.
The original fastbin dup attack
The original fastbin dup attack leverages a so-called double free.</description>
    </item>
    
    <item>
      <title>Malloc internals: chunks</title>
      <link>https://tortel.li/post/malloc-internals-chunks/</link>
      <pubDate>Tue, 30 Aug 2022 12:45:11 +0200</pubDate>
      
      <guid>https://tortel.li/post/malloc-internals-chunks/</guid>
      <description>Since last year I’ve been involved in infosec, and I co-founded the havce CTF team with some of the colleagues that attended the CyberChallenge.IT course in 2021.
I am a big fan of pwn challenges and binary exploitation in general, so after dealing with standard buffer overflows on the stack and the various format string vulnerabilities, I wanted to step up my skills and learn some heap exploitation.
I started by using the awesome HeapLAB by Max Kamper.</description>
    </item>
    
    <item>
      <title>About</title>
      <link>https://tortel.li/about/</link>
      <pubDate>Mon, 02 Aug 2021 20:29:31 +0200</pubDate>
      
      <guid>https://tortel.li/about/</guid>
      <description>Hi, I’m Manuel and I go by kriive on the internet.
I’d love to have a chat, hit me up on Telegram.</description>
    </item>
    
    <item>
      <title>WebAssembly and Go</title>
      <link>https://tortel.li/post/webassembly-and-go/</link>
      <pubDate>Thu, 29 Jul 2021 23:24:49 +0200</pubDate>
      
      <guid>https://tortel.li/post/webassembly-and-go/</guid>
      <description>This semester in university I had one professor that distributed lectures and other learning material as PDF files.
Sounds perfect! I can use them and take notes directly on my iPad!
– Me
Nope, because these PDFs are not writable and protected by a password, rendering iPad note taking impossible. I mean, why would anyone lock a PDF file of a lecture in the first place?
After a brief Google search, I learned that PDFs like mine can be unlocked by a high number of tools (qpdf, pdftk, …) without knowing the password.</description>
    </item>
    
  </channel>
</rss>
