Jay Bosamiya Software Security Researcher

Blog - page 3


Genetic Fuzzing

Here, we take a look at "advanced" fuzzing (in comparison to a blind fuzzer, as described in my "Basics of Fuzzing" note). While it also modifies/mutates bytes etc, but it does so in a slightly smarter way than the blind "dumb" fuzzer. Read more...

Basics of Fuzzing

What is a fuzzer, in the first place? And why do we use it? Read more...

Exploitation Abstraction

Of course, when programming, all of us use abstractions, whether they be classes and objects, or functions, or meta-functions, or polymorphism, or monads, or functors, or all that jazz. However, can we really have such a thing during exploitation? Obviously, we can exploit mistakes that are made in implementing the aforementioned abstractions, but here, I am talking about something different. Read more...

"Advanced" Format String Exploitation

While simple format string vulnerabilities are becoming relatively less common these days, every once in a while, we come across some interesting cases in either CTFs or (less likely) real world programs, where having a better understanding of how to attack these vulnerabilities helps immensely. Read more...

Race Conditions & Exploiting Them

If a memory region (or file or any other resource) is accessed twice with the assumption that it would remain same, but due to switching of threads, we are able to change the value, we have a race condition. Read more...