tl;dr

  • Whisper model converts audio to text
  • Text is passed to subprocess without sanitization
  • Difficult to produce a command injection by speaking the input manually
  • Need to invert the neural network to generate the audio file we need
  • Implement gradient-descent-based inversion to find the input that yields the target output
  • Generate the audio file, send it, get the flag!

tl;dr

  • memcpy in CPY goes out of bounds of the VM stack
  • Abuse memcpy to copy the register struct onto the stack and modify its values using stack and register operations
  • Copy the values back into the register struct, modifying the VM stack bp and sp registers
  • This migrates the VM stack wherever you want, gaining arbitrary read and write
  • Leak the environ pointer to get a stack leak
  • Migrate the VM stack to the main function’s stack frame to overwrite the return address with a ROP chain or one-gadget

tl;dr

  • Analysis of different types of malware in a linear storyline
  • Windows timelining
  • Analysis of Rootkit, Ransomware, C2 Framework, Process Hollowing, Persistence, and more

tl;dr

  • Challenge 2 of the Batman Investigation series
  • Ransomware investigation
  • Analysis of Rust-based ransomware, with process dump analysis to recover the randomly generated decryption vector, and Windows malware analysis
  • Recovering from a ransomware attack
