2016 to 2019 - What I've been up to

Maybe it would be a stretch to say I’ve been busy since 2016, but I haven’t been doing nothing. Here are links to things I’ve been doing.

I published Do Stack Buffer Overflow Good, a guide to exploiting basic Saved Return Pointer bugs on Win32. I presented it at Crikeycon 2016.

I reported a pre-auth RCE vulnerability in the Metasploit Community/Express/Pro Web UI.

I also reported an arbitrary file write vulnerability in the Metasploit Meterpreter handler. This bug allowed a “Victim” machine running Meterpreter to write arbitrary files on the “Attacker’s” machine running Metasploit, similar to @zeroSteiner’s Skywalker bugs in Empire.

I reported some quirky code execution vulnerabilities in RVM and Visual Studio Code, then spoke about them at Crikeycon and AusCERT in 2019.

Finally, I’ve been streaming binary exploitation stuff on-and-off (mostly off) on Twitch.tv. There’s about 70 hours of past footage available on my YouTube channel.