Membangun Eksploitasi Windows Bagian 3: Stack-based Overflow

Pernah kan menggunakan Metasploit atau mengambil eksploit dari Exploit-DB dan menggunakannya pada sistem target lalu takjub dengan apa yang dilakukan tool atau skrip tersebut? Setidaknya itu yang saya rasakan 10-15 tahun lalu ketika melakukan uji penetrasi, menemukan kerentanan, dan kebetulan menemukan eksploit yang cocok dengan kerentanan yang saya temukan.

ASUS ROG BIOS Reset on Lost Battery Power

Update 1: My ASUS laptop is ASUS ROG Zephyrus M GM501GS-EI027T. I'm using the latest BIOS version which is 313 (according to the latest version dated 08/30/2019) Update 2: Given a CVE-2019-18216 Update 3: ASUS security team gave me the patch for the BIOS vulnerability I posted here and the patch works. I cannot reproduce…

CDEF Podcast: Head to Head Bug Bounty vs Pentesting

Last week, Indonesia CDEF (Indonesia Cyber Defense Community) invited me to be on their podcast on the night of September 8, 2019. It raised "Head to head Bug Bounty vs. Pentesting." as the topic. You can hear the topic on Spotify below (language spoken: Bahasa Indonesia) https://open.spotify.com/episode/6gSwbVcdvcGnscC1ncDgp6?si=ogfH4hrbQRS1vbKHymJpIQ CDEF Podcast's usually held every two weeks and…

Google Calendar Spam

Some time ago @mubix tweeted about spam that entered Google Calendar, he felt he had never published his calendar, and did not find the e-mail associated with the purchase of iPhone XS Max (according to the tweet). When I saw the tweet, I was intrigued that spammers were getting better at it. https://twitter.com/mubix/status/1166368879423234048 This morning…