Analysis of CVE-2017-5005: QuickHeal Buffer Overflow
Prashant Kumar, May 4, 2020
Recently, I hosted an internal CTF event in my company. I wanted to include a challenge which would include some Windows Exploitation…

A Not-So-Blind RCE with SQL Injection
Prashant Kumar, Jan 30, 2020
This is a story of a typical xp_cmdshell giving an RCE which is blind due to some restrictions and how I bypassed those restrictions.

Extracting Source Code from Pre-Compiled ASP.Net applications
Prashant Kumar, Jan 28, 2020
In a recent assignment, I found a Path Traversal vulnerability in an ASP.Net based web application. Naturally, the first thing I went…

Windows Exploitation: Dealing with bad characters — QuickZip exploit
Prashant Kumar, May 30, 2019
When you begin your journey in exploitation, you start with simple buffer overflows, then you deal with SEH, play with egg hunters and so…

Windows Exploitation: ASLR Bypass (MS07-017)
Prashant Kumar, Mar 3, 2019
In this blog, I will be analysing a long forgotten Windows Animated Cursor Remote Code Execution Vulnerability (CVE-2007-0038) on Windows…

Windows Exploitation: Egg hunting
Prashant Kumar, Feb 14, 2019
Lately, I’ve been exploring the world of Windows exploitation. I was already familiar with the concept of Buffer Overflows, brushed those…

A possibility of Account Takeover in Medium
Prashant Kumar, Oct 20, 2018
There are times when you discover something that is very common and ordinary which just blows your mind and you start thinking, “How come…

A small introduction to Process Explorer
Prashant Kumar, Nov 14, 2016
Process Explorer is a SysInternals utility that is pretty much an advanced version of the in-built Task Manager. It can be downloaded from…