Windows X86 on

Heap Drift: Misaligned Write in SafeMail’s Attachment Parser

Thu, 08 Feb 2024 00:00:00 +0000

Prologue
#

Started out just poking at SafeMail’s desktop client because I was curious how they handled attachments. It’s always those small parsing subsystems where things fall apart. I loaded up the binary in IDA and watched the way filenames were processed when attachments were being saved.

Chaining Control: ROP Exploitation in HealthDesk Report Viewer

Thu, 14 Sep 2023 00:00:00 +0000

Prologue — CSVs, Gadgets & Shells
#

It started with a curiosity hit—an old install of HealthDesk Report Viewer, still alive on a legacy Windows 7 x86 box. Binary hadn’t been touched since 2010. And it was one of those static base address builds, no ASLR, no DEP, no nothing. Just waiting.

From Blob to Boom: Insecure Deserialization in FinPro CRM

Fri, 04 Aug 2023 00:00:00 +0000

Insecure Deserialization in FinPro CRM Client (x86)
#

Prologue: Old Habits, Unsafe Casts
#

I was poking through a legacy CRM tool called FinPro — the kind your dad’s office might still be using. Clunky GUI, startup splash screen, and an installer that required admin rights. Perfect vintage.

Swipe to Shell: Exploiting a Buffer Overflow in PaySafeTech Daemon

Fri, 17 Mar 2023 00:00:00 +0000

Buffer Overflow in PaySafeTech Payment Daemon
#

Prologue: The Ghost in the Machine
#

The smell of late-night coffee and burnt solder still hung in the air. It was one of those nights — quiet, focused, and laced with the promise of uncovering something… forgotten.

Windows X86 on

Heap Drift: Misaligned Write in SafeMail’s Attachment Parser

Prologue #

Chaining Control: ROP Exploitation in HealthDesk Report Viewer

Prologue — CSVs, Gadgets & Shells #

From Blob to Boom: Insecure Deserialization in FinPro CRM

Insecure Deserialization in FinPro CRM Client (x86) #

Prologue: Old Habits, Unsafe Casts #