Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Most of this article is just an overview of what .LNK files are and their structure.
However, I found the bug simple but interesting. At some point, a buffer is allocated but never initialized. Because of this, the buffer still holds leftover values from when it was previously used for an entirely different purpose!
Eventually, this leads to an arbitrary memory write: the attacker chooses the 4-byte value (it is read from the stream), and the 8-byte destination address comes from the stale data that the earlier use left behind in the uninitialized buffer.
The obscure, rarely exercised features are usually where the bugs are, not the common and well-known ones. This bug abuses the search string functionality of a .LNK file. Look at the weird and underused functionality for bugs.
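To make the bug class concrete, here is an added example that is not code from the article above or from the Windows .LNK parser. It models the mechanism the article describes: a block of memory is used for one purpose (a record holding a pointer), handed out again by an allocator that does not clear it, and reinterpreted as a "search item" whose destination field is never set. The pool allocator, the two struct layouts, the `search_item` field names and the attacker byte stream are all assumptions for illustration; the real structures are not on this page. The fixed variant differs only in zeroing the block before use.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <stdbool.h>

/* First user of the block: a record that stores a pointer to a scratch area
   (assumed layout, for illustration only). */
struct scratch_record {
    uint64_t scratch_ptr;   /* pointer value the first user leaves behind */
    uint32_t length;
};

/* Second user: a "search item" the parser expects to carry a destination
   pointer plus a 4-byte value read from the input stream (assumed layout). */
struct search_item {
    uint64_t dest;          /* should be set by the parser, but never is */
    uint32_t value;         /* filled from the attacker-controlled stream */
};

/* A one-block pool that hands out the same storage every time without
   clearing it. The union keeps the type punning well-defined in C and makes
   search_item.dest overlap scratch_record.scratch_ptr byte for byte. */
static union {
    struct scratch_record record;
    struct search_item item;
} pool;

static void *pool_alloc(void) { return &pool; }   /* no memset: stale data survives */

/* Memory the attacker would like to overwrite (stands in for any target). */
static uint32_t victim;

/* Stage 1: earlier parsing uses the block and leaves a pointer in it. */
static void earlier_use(void *scratch) {
    struct scratch_record *r = pool_alloc();
    r->scratch_ptr = (uint64_t)(uintptr_t)scratch;
    r->length = 16;
}

/* Read a little-endian 4-byte value from the stream, endianness-independent. */
static uint32_t read_u32(const unsigned char *s) {
    return (uint32_t)s[0] | (uint32_t)s[1] << 8 | (uint32_t)s[2] << 16 | (uint32_t)s[3] << 24;
}

/* Stage 2: the block is reused for a search item. Only ->value is populated;
   ->dest is trusted later as a write target. With clear==false this is the
   uninitialized-buffer bug: dest still holds the pointer from stage 1, so the
   attacker's 4 bytes land at an address the parser never chose. With
   clear==true the block is zeroed first and the null dest is never written. */
static void parse_search_string(const unsigned char *stream, bool clear) {
    struct search_item *it = pool_alloc();
    if (clear)
        memset(it, 0, sizeof *it);          /* the fix: initialize before use */
    it->value = read_u32(stream);
    if (it->dest != 0)                      /* BUG when !clear: stale 8-byte pointer */
        memcpy((void *)(uintptr_t)it->dest, &it->value, sizeof it->value);
}

/* Runs both stages on a constructed stream and returns what the target
   memory holds afterwards: 0x44434241 when vulnerable, 0 when fixed. */
uint32_t run_demo(bool fixed) {
    const unsigned char stream[4] = { 0x41, 0x42, 0x43, 0x44 }; /* constructed attacker bytes */
    victim = 0;
    earlier_use(&victim);                   /* leaves &victim in the block */
    parse_search_string(stream, fixed);     /* reuses the block without/with clearing */
    return victim;
}

int main(void) {
    printf("vulnerable: victim = 0x%08x\n", run_demo(false));
    printf("fixed:      victim = 0x%08x\n", run_demo(true));
    return 0;
}
```

The point to take from the model is that nothing in stage 2 ever assigns `dest`; the write primitive exists only because the allocator recycled memory that an unrelated record had filled with a pointer. Zeroing on allocation (or `calloc` instead of `malloc`) removes the primitive, and a parser that reads `dest` before any code path could have set it is the pattern to look for when auditing the obscure features mentioned above.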