This software will not be getting patched and no bug bounty is being awarded for this. Honestly, IBM does not seem like a good company to do bug bounties for. They never seem to give out bounties when they should be rewarded for patching old software.
There was a feature labeled Bypass Logon, which gives only limited functionality. This just looks like something good to attack! By patching the client for the admin functionality, it was possible to just use the app for all other normal admin calls. Client-side defense is never enough...
The rest of the article discusses a buffer overflow in a command-line program, but it is not triggerable remotely. Considering the program did not have NX, ASLR or any binary protections, pwnage with a single memory corruption is quite likely.
This author is a SINGLE GUY who writes a bunch of awesome articles. If you have some free time, just go through this guy's blog for a while.