Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Talk - Writing My First Exploit
Search
James Moriarty
June 16, 2021
Programming
1.8k
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Talk - Writing My First Exploit
James Moriarty
June 16, 2021
More Decks by James Moriarty
See All by James Moriarty
Lightning Talk - Call Graphs
jamesmoriarty
0
1.4k
Other Decks in Programming
See All in Programming
『コードを書く以外の』エンジニアリング〜課金基盤移行プロジェクト推進のためのTips4選
yuriko1211
0
420
壊れたパーサから始める関数型設計と構成的なパーサ #fp_matsuri
raiga0310
2
210
Claude Team Plan導入・ガイド
tk3fftk
0
180
エンジニアにデザインハーネスを 〜デザインプロセスを規定するためのハーネス〜 / Design harness from an engineer's perspective
rkaga
2
1.4k
はてなアカウント基盤 State of the Union
cockscomb
1
1.3k
Generative UI & AI-Assistants for Your Angular Solutions
manfredsteyer
PRO
0
100
LaravelLive Japan の裏方のすべて — 第188回 PHP勉強会@東京 (2026-06-24)
suguruooki
2
150
これからAgentCoreを触る方へトレンドはGatewayです
har1101
6
490
過去最大のMCPアップデート! 2026-07-28 RC版の謎に迫る
licux
6
460
自作OSでスライド発表する
uyuki234
1
3.8k
そのテスト、説明できますか?~LWテスト戦略FW~のご紹介
nakahara
0
200
Prismを使った型安全な暗号化_関数型まつり2026
_fhhmm
0
120
Featured
See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
3k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
6k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.4k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
1
1.4k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.8k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
180
Context Engineering - Making Every Token Count
addyosmani
9
1k
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
410
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
BBQ
matthewcrist
89
10k
It's Worth the Effort
3n
188
29k
Transcript
Writing My First Exploit
Exploit? “...is a piece of software, a chunk of data,
or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior...” Wikipedia
What? Counter-Strike: Global Offensive • Source code leak from 2013
for reference. ◦ github.com/ValveSoftware/source-... • Lots of existing exploit examples. ◦ github.com/search?q=dwLocalPlaye...
“Steel-thread” Implementation • “Out of Box” win32 APIs to exploit
the client side process. ◦ read/write with kernel32.dll ◦ input with with user32.dll • “Benign” exploit impact. ◦ client side jump abuse aka “bunny hop”
Video
How
How?
How func RunHop(client *Client) { for { if gomem.IsKeyDown(VK_SPACE) {
flags, _ := client.Process.ReadByte(...) if (flags & CSGO_FL_ONGROUND) > 0 { client.Process.WriteByte(...) } } time.Sleep(100 * time.Nanosecond) } }
Binary Compatibility Address E.g. 0x59bc2690 Memory E.g. 00001000 ReadByte
Binary Compatibility 1.0 1.0 1.1 1.2 1.1 1.2 csgo.exe gohack.exe
Broken Broken
Binary Compatibility 1.0 1.X w/ auto update 1.1 1.2 csgo.exe
gohack.exe
How func Instrument() (*gohack.Client, error) { ... offsets, err :=
gohack.GetOffsets() ... process, err := gomem.GetOpenProcessFromName("csgo.exe") ... client, err := gohack.GetClientFrom(process, offsets) ... return client, err }
Testing
Testing Value’s CS:GO • 30GB Package • Steam DRM +
VAC Anti-cheat • GUI + Internet • A popular game My CS:GO • 42KB Binary • 14 LOC • Headless + Offline • Loads a DLL and hangs
Testing func TestStubProcess(t *testing.T) { withProcess("test\\dll\\csgo.exe", func() { _, err
:= Instrument() got := err.Error() want := "Failed to get player offset" if got != want { t.Errorf("%q; want %q", got, want) } }) }
Testing
github.com/jamesmoriarty/gohack
???
None
Testing func TestProcessReadUInt32(t *testing.T) { ... valuePtr := (uintptr)(unsafe.Pointer(&value)) ...
process, err := GetOpenProcessFromName(name) ... assertValue, err := process.ReadUInt32(valuePtr) ... }
github.com/jamesmoriarty/gomem
jamesmoriarty.xyz/software/
Video