TL;DR: In this blog post I’m going to write about my personal experience about the Offensive Security Exploitation Expert (OSEE) certificate and the Advanced Windows Exploitation (AWE) training; delivered in Las Vegas at BlackHat USA 2019. 0x01: Introduction After I’ve passed the OSCP in December 2017 and the OSCE in July 2018, I’ve decided to improve my exploitation skills especially with the focus on Windows and modern memory protection techniques such as ASLR, DEP, SMEP, CFG, and ACG....

This blog post describes a security vulnerability found in the product HiDrive Desktop Client. HiDrive is the cloud storage solution of Berlin-based Strato, an internet hosting service. The HiDrive Desktop Client for Windows allows a customer to sync files and folders easily to the provided cloud solution. The core components of the HiDrive client is also used by other internet and cloud providers such as Telekom and 1&1. Introduction During some personal research at the beginning of February, a critical vulnerability in HiDrive was discovered....