Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Talk - Writing My First Exploit

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for James Moriarty James Moriarty
June 16, 2021
Programming
0
1.7k

Talk - Writing My First Exploit

Avatar for James Moriarty

James Moriarty

June 16, 2021
Tweet

More Decks by James Moriarty

See All by James Moriarty
Lightning Talk - Call Graphs
Avatar for James Moriarty jamesmoriarty
0
1.3k

Other Decks in Programming

See All in Programming
360° Signals in Angular: Signal Forms with SignalStore & Resources @ngLondon 01/2026
Avatar for Manfred Steyer manfredsteyer
PRO
0
120
Package Management Learnings from Homebrew
Avatar for Mike McQuaid mikemcquaid
0
220
登壇資料を作る時に意識していること #登壇資料_findy
Avatar for konifar konifar
4
1.1k
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
Avatar for r-kagaya rkaga
4
2k
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
Avatar for tetutetu214 tetutetu214
2
110
今こそ知るべき耐量子計算機暗号(PQC)入門 / PQC: What You Need to Know Now
Avatar for mackey0225 mackey0225
3
370
AI & Enginnering
Avatar for codelynx codelynx
0
110
疑似コードによるプロンプト記述、どのくらい正確に実行される?
Avatar for kokuyouwind kokuyouwind
0
380
CSC307 Lecture 04
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
660
MDN Web Docs に日本語翻訳でコントリビュート
Avatar for uutan1108 ohmori_yusuke
0
650
0→1 フロントエンド開発 Tips🚀 #レバテックMeetup
Avatar for 弁護士ドットコム bengo4com
0
560
16年目のピクシブ百科事典を支える最新の技術基盤 / The Modern Tech Stack Powering Pixiv Encyclopedia in its 16th Year
Avatar for ahu ahuglajbclajep
5
1k

Featured

See All Featured
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.4k
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.6k
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
61
52k
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
Ethics towards AI in product and experience design
Avatar for Skipper Chong Warson skipperchong
2
190
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
0
51
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.7k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
210
A Soul's Torment
Avatar for Nat Ma seathinner
5
2.3k
Everyday Curiosity
Avatar for Cassini Nazir cassininazir
0
130

Transcript

  1. Writing My First Exploit

  2. Exploit? “...is a piece of software, a chunk of data,

    or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior...” Wikipedia

  3. What? Counter-Strike: Global Offensive • Source code leak from 2013

    for reference. ◦ github.com/ValveSoftware/source-... • Lots of existing exploit examples. ◦ github.com/search?q=dwLocalPlaye...

  4. “Steel-thread” Implementation • “Out of Box” win32 APIs to exploit

    the client side process. ◦ read/write with kernel32.dll ◦ input with with user32.dll • “Benign” exploit impact. ◦ client side jump abuse aka “bunny hop”

  5. Video

  6. How

  7. How?

  8. How func RunHop(client *Client) { for { if gomem.IsKeyDown(VK_SPACE) {

    flags, _ := client.Process.ReadByte(...) if (flags & CSGO_FL_ONGROUND) > 0 { client.Process.WriteByte(...) } } time.Sleep(100 * time.Nanosecond) } }

  9. Binary Compatibility Address E.g. 0x59bc2690 Memory E.g. 00001000 ReadByte

  10. Binary Compatibility 1.0 1.0 1.1 1.2 1.1 1.2 csgo.exe gohack.exe

    Broken Broken

  11. Binary Compatibility 1.0 1.X w/ auto update 1.1 1.2 csgo.exe

    gohack.exe

  12. How func Instrument() (*gohack.Client, error) { ... offsets, err :=

    gohack.GetOffsets() ... process, err := gomem.GetOpenProcessFromName("csgo.exe") ... client, err := gohack.GetClientFrom(process, offsets) ... return client, err }

  13. Testing

  14. Testing Value’s CS:GO • 30GB Package • Steam DRM +

    VAC Anti-cheat • GUI + Internet • A popular game My CS:GO • 42KB Binary • 14 LOC • Headless + Offline • Loads a DLL and hangs

  15. Testing func TestStubProcess(t *testing.T) { withProcess("test\\dll\\csgo.exe", func() { _, err

    := Instrument() got := err.Error() want := "Failed to get player offset" if got != want { t.Errorf("%q; want %q", got, want) } }) }

  16. Testing

  17. github.com/jamesmoriarty/gohack

  18. ???

  19. None

  20. Testing func TestProcessReadUInt32(t *testing.T) { ... valuePtr := (uintptr)(unsafe.Pointer(&value)) ...

    process, err := GetOpenProcessFromName(name) ... assertValue, err := process.ReadUInt32(valuePtr) ... }

  21. github.com/jamesmoriarty/gomem

  22. jamesmoriarty.xyz/software/

  23. Video