Jul 3, 2013

PHP strip_tags not a complete protection against XSS” was originally written by Dan Guido when he was a student in the ISIS Lab.

Jun 6, 2013

This was done while interning at Gotham Digital Science and the original blog post can be found here: http://blog.gdssecurity.com/labs/2013/5/8/writing-an-xss-worm.html

May 6, 2013

For Hack Night, Nitin and I set about teaching students how to read and write x86 assembly. I was tasked with teaching students how to write x86. Naturally, being short on time I decided to  cheat by writing some C code, compiling it, and taking a peek at the output before walking students through how to manually compile code by hand. When I compiled my demos, there was one particular control flow structure that threw me for a loop (no pun intended.)  It was a particular kind of switch; I’d describe it to you but I may as well just share the code.

Apr 24, 2013

This past weekend, April 19th 2013 in the year of our lord, Brooklynt Overflow assembled to partake in the spectacle of pwning known as PlaidCTF. I’m particularly fond of PlaidCTF because it is the first CTF that I played in as a member of Brooklynt Overflow so many years ago and is usually on or around my birthday. Anyway, enough about me and onto the pwnage. Late in the first day I set my eyes on the RopasaurusRex pwnable for 200 points. RopasaursRex is a very simple binary with two functions.

Apr 12, 2013

If you were busy in Cancun over spring break, you missed out on our hardware hacking workshop in the ISIS lab!

Apr 11, 2013

Introduction

Apr 1, 2013

We hope you enjoyed our April Fools’ Joke!  Subscribe to our blog for technical posts on offensive security.  Check out our program here.

Mar 11, 2013

Just a bit of warning about clang. By the default state the clang compiler does not install stack cookie checks to its function calls.