Reverse engineering games for fun and SSRF - part 2

18th Jan 2019

This is the final part about reverse engineering a game and finding an SSRF vulnerability in it. We're going to take a look at the network protocol, try to understand what's going on, and then see how it could be modified to inject custom data.

Reverse engineering games for fun and SSRF - part 1

18th Jan 2019

During the holidays I had some time to try a new game; while I was playing it I asked myself if I could do some digging and find a vulnerability. This is the journey that took me from reverse engineering the game to finding an interesting SSRF.

Edit websocket requests with Burp

30th Dec 2018

Like most people out there, I consider Burp my favourite security tool. Sadly, when you're dealing with websockets, it lacks several features: in order to edit and replay requests, you have to chain another proxy (after applying some customisation).

Disguise PHAR packages as images

11th Sep 2018

Black Hat USA 2018 showed that it is possible to obtain RCE from a PHAR package; moreover, by tweaking its binary content, it's possible to disguise it as a fully valid image, bypassing security checks.
Let's see how.
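As an added illustration of the point above (this is not code from the original post, which uses PHP's own Phar class and setStub() to prepend the image header), the builder below lays out a PHAR archive byte by byte, following the format documented at php.net/manual/en/phar.fileformat.phar.php, and prefixes the stub with a GIF header. The trick works because the PHAR parser only scans the stub for the __HALT_COMPILER(); terminator and verifies the signature over the whole file, so any leading bytes are tolerated, while a magic-byte or fileinfo check sees GIF8?a and reports an image. The file name, contents and the plain GIF89a prefix are constructed assumptions.

```python
import hashlib
import struct
import zlib

HALT = b"__HALT_COMPILER(); ?>\r\n"  # stub terminator the phar parser scans for
SIG_SHA1 = 0x0002                     # signature type flag: SHA-1
HDR_SIGNATURE = 0x00010000            # global flag: archive carries a signature
GIF_HEADER = b"GIF89a"                # assumed image prefix (constructed)

# Constructed sample content; the file name and data are assumptions.
SAMPLE_FILES = {"test.txt": b"hello from inside the phar\n"}


def build_phar(files, stub_prefix=b"", metadata=b"", timestamp=0):
    """Return a SHA-1 signed phar archive as bytes, storing `files` uncompressed.

    Layout:
        stub ... __HALT_COMPILER(); ?>\r\n
        4-byte manifest length | manifest | file contents
        SHA-1 digest | 4-byte signature type | "GBMB"
    Any bytes may precede the stub, so a GIF header there yields an
    image/phar polyglot that still parses (and verifies) as a phar.
    """
    stub = stub_prefix + b"<?php " + HALT
    entries = b""
    contents = b""
    for name, data in files.items():
        name_b = name.encode()
        entries += struct.pack("<I", len(name_b)) + name_b
        entries += struct.pack(
            "<IIIII",
            len(data),                      # uncompressed size
            timestamp,                      # mtime
            len(data),                      # compressed size (no compression used)
            zlib.crc32(data) & 0xFFFFFFFF,  # CRC-32 of the contents
            0o644,                          # per-file flags: permission bits only
        )
        entries += struct.pack("<I", 0)     # per-file metadata length
        contents += data

    header = struct.pack("<I", len(files))
    header += b"\x11\x00"                            # API version 1.1.0 (big-endian)
    header += struct.pack("<I", HDR_SIGNATURE)       # global flags
    header += struct.pack("<I", 0)                   # alias length (none)
    header += struct.pack("<I", len(metadata)) + metadata
    manifest = header + entries

    body = stub + struct.pack("<I", len(manifest)) + manifest + contents
    digest = hashlib.sha1(body).digest()             # signature covers all preceding bytes
    return body + digest + struct.pack("<I", SIG_SHA1) + b"GBMB"


def signature_is_valid(blob):
    """Re-check the trailer the way the phar loader does: magic, type, SHA-1 digest."""
    if blob[-4:] != b"GBMB":
        return False
    (sig_type,) = struct.unpack("<I", blob[-8:-4])
    if sig_type != SIG_SHA1:
        return False
    return hashlib.sha1(blob[:-28]).digest() == blob[-28:-8]


def passes_magic_check(blob):
    """A naive upload filter: accept the file if it starts with a GIF signature."""
    return blob[:6] in (b"GIF87a", b"GIF89a")


if __name__ == "__main__":
    polyglot = build_phar(SAMPLE_FILES, stub_prefix=GIF_HEADER)
    print("magic check passes:", passes_magic_check(polyglot))
    print("phar signature valid:", signature_is_valid(polyglot))
    print("stub terminator present:", HALT in polyglot)
```

The signature is not a defence here: it is computed over the image header as well, so the polyglot verifies cleanly even with phar.require_hash enabled. The check that actually matters on the application side is never letting a user-controlled path reach a `phar://` stream wrapper (or the file operations that transparently open one).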

Breaking PHP internals

A vulnerable application allows an attacker to load arbitrary PHP classes by sending specially crafted requests.
By exploiting the PHP autoloader, we can turn this into a Local File Inclusion.