Kevin Suckiel
Senior Offensive Security Professional
Research & Writeups
January 31, 2024
ROP Till You Drop: Bypassing DEP with Style using VirtualAlloc
Building ROP chains to bypass Data Execution Protection while using VirtualAlloc
→January 19, 2024
SSTI's Secret Hideout in Python's Jinja Jungle
Exploiting an SSTI in the Jinja templating engine
→October 13, 2023
CICDeez Domain Admins
Pivoting from an external position to a domain compromise via CICD infrastructure.
→September 6, 2023
Strace Spelunking: Diving Deep into SSH Password Discovery
Exploiting the inherent nature of the SSH protocol and how we can obtain the cleartext version of a user's password by hooking Linux system calls.
→