Membangun Eksploitasi Windows Bagian 3: Stack-based Overflow

Pernah kan menggunakan Metasploit atau mengambil eksploit dari Exploit-DB dan menggunakannya pada sistem target lalu takjub dengan apa yang dilakukan tool atau skrip tersebut? Setidaknya itu yang saya rasakan 10-15 tahun lalu ketika melakukan uji penetrasi, menemukan kerentanan, dan kebetulan menemukan eksploit yang cocok dengan kerentanan yang saya temukan.

ASUS ROG BIOS Reset on Lost Battery Power

Update 1: My ASUS laptop is ASUS ROG Zephyrus M GM501GS-EI027T. I'm using the latest BIOS version which is 313 (according to the latest version dated 08/30/2019) Update 2: Given a CVE-2019-18216 Update 3: ASUS security team gave me the patch for the BIOS vulnerability I posted here and the patch works. I cannot reproduce…

CDEF Podcast: Head to Head Bug Bounty vs Pentesting

Last week, Indonesia CDEF (Indonesia Cyber Defense Community) invited me to be on their podcast on the night of September 8, 2019. It raised "Head to head Bug Bounty vs. Pentesting." as the topic. You can hear the topic on Spotify below (language spoken: Bahasa Indonesia) https://open.spotify.com/episode/6gSwbVcdvcGnscC1ncDgp6?si=ogfH4hrbQRS1vbKHymJpIQ CDEF Podcast's usually held every two weeks and…

Google Calendar Spam

Some time ago @mubix tweeted about spam that entered Google Calendar, he felt he had never published his calendar, and did not find the e-mail associated with the purchase of iPhone XS Max (according to the tweet). When I saw the tweet, I was intrigued that spammers were getting better at it. https://twitter.com/mubix/status/1166368879423234048 This morning…

My Review on Advanced Windows Exploitation course by Offensive Security

For the past few months, I have been preparing for the Advanced Windows Exploitation (AWE) training at one of Asia's most popular hacker conferences, Black Hat Asia 2019. AWE is one of the training organized by Offensive Security LLC, a Kali Linux distro maker (formerly Backtrack) and the Exploit-DB website (www.exploit-db.com). After waiting for approximately…

Zahir Enterprise Plus 6 <= build 10b – Buffer Overflow (SEH)

Zahir Accounting adalah software akuntansi yang sangat banyak digunakan oleh tingkatan SOHO (Small Office Home Office) di Indonesia. Selain harganya yang terjangkau, Zahir memiliki fitur yang lebih dari cukup untuk menyelesaikan pencatatan akuntansi yang tanggung, dalam arti mampu menyisir tingkat menengah ke bawah dan juga mampu menghadapi tantangan akuntansi yang hampir mendekati tingkat enterprise.  Pada kesempatan…