TL;DR
basic buffer overflows
overwriting return addies 2 wiin
1. what are we working with?
64‑bit ELF (ET_EXEC), NX enabled, no PIE ⇒ every address is static
Three hidden flag functions in .text:
win1() → prints flag1.txt (no args)
win2(arg) → prints DEADBEEF.txt (needs one 64‑bit arg)...
TL;DR
0x100byte blob -> lookup table -> SBOX
additive key stream, decoding = inverse table + modular subtraction
1. i skimmed the instructions and found an interesting loop
2. right be4 the loop a counter and starting key was inited
3. identified how key is being transformed
wrapping...
TL;DR
Running the 64‑bit ELF prints only four innocuous lines. In the disassembler you immediately notice ~20 consecutive mov …, imm64 instructions that fill a 160‑byte stack buffer before the first puts.
That buffer holds the obfuscated flag.
1. Create an array of 20 Qwords at that address...
Ye sup sup,
It got hella annoying manually managing multiple nginx server blocks etc. so i created a lil dynamic host reverse proxy abusing docker, its networking, nginx and openresty. Currently all hard coded, only some sqli/xss detection and combination with cloudflare required. Will extend...
Howdy folks, 0x90 here, your friendly neighborhood CISO and occasional bug bounty hunter. Over the past few months, I’ve been on a cyber-adventure through the world of Swiss software giants. And let me tell you, what I found lurking behind their pristine veneers was enough to make even the...
Introduction
Creating a robust usermode anti-cheat for the HorizonMW project has been one of the most challenging yet rewarding experiences I've undertaken. Without kernel access, the task became exponentially more complex, as many conventional cheat detection mechanisms rely heavily on...
Howdy mr skid,
If you thought you can learn game hacking to get an unfair advantage, this is not the right blogpost for you. If you are genuinely interested in getting a more in depth insight into the art of game hacking and defending alias anti cheating, then you can buckle up, since you are...
Introduction
During the solving of my OSCP labs I had a lot of repetitive tasks, like enumerating web applications. In addition I have realized that many web applications have thousands of pages and enumerating all of them is just not feasible. In addition many tools I have used were just not...