How I exploited Intel’s Active Management Technology in ChinaIn previous blog, I talked about how I managed to exploit the Russian guy’s Orange Pi 5 and persisted it. In this blog, I want to explain h...
How I hacked Russian guy with ADB ShellEveryone knows how the internet works. If you have anything open, you’ll most likely get hacked. I would like to talk about some Russian guy/girl (I don’t k...
Implementing Hill Cipher in C++Everyone knows that encryption/decryption is very important when writing malware. That can be used for everything, starting from obfuscating strings and shellcodes ...
Attacking Russian scam website (Part I)I know a guy who lives in the U.S., and he told me that he received a suspicious email from Russians. They offered him a job, but he had to fill out a form that ...
Forcing “dead” Radxa 4C+ to boot (Part I)Several days ago I got my hands on Radxa 4C+ which is an alternative for Raspberry PI. I tried booting it, but it didn’t work. At first I thought it was happen...
Squid loves to pass stuff around…No exploits?This CTF was quite interesting because there were no exploit PoCs initially, unlike other challenges. This time there is a Windows server that hosts Squid ...
Mailing a plastic explosiveIn this challenge I’m going to mail a C4 plastic explosive to the host. When this explodes, it leaves a small hole where we can enter to interact with root shell. To be hone...
So I paid for OffSec…Today I started doing OffSec machines on Proving Grounds. The first machine that I solved was called “Exfiltrated”. Basically, this machine is about exploiting ExifTool vulnerabil...
Don’t call functionsPeople who try to create malware for the first time often ask me, “Toko, how are you managing to avoid AV engines?” Well, there are tons of details, but today I’ll talk about one o...
I just spawned into the voidYeah… basically, that’s what happened. When I was 13, I saw a movie about a guy who was basically a hacker (but not quite). As a child I decided to learn how hackers and ma...