https://oxasploits.com/ A collection of blog enteries on infosec utilities, vulnerability research, and exploit development work. 2026-02-11T14:34:45-05:00 Marshall Whittaker https://oxasploits.com/ Jekyll © 2026 Marshall Whittaker /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-01-16T01:22:52-05:00 2026-01-16T18:47:14-05:00 https://oxasploits.com/posts/post-exploitation-hijacking-sudo-read-library-call-to-lift-passwords/ Marshall Whittaker

Hijacking sudo’s call to read terminal’s file descriptor to log user input Cautions I take no, and by that I mean zero fucking responsiblity for what you might do with this code. Also, this should never be used in a production environment under any circumstances, it will make your server insecure, and quite possibly break other things system-wide, because /etc/ld.so.preload acts on all bina...

2025-07-12T15:23:13-04:00 2025-07-12T15:23:13-04:00 https://oxasploits.com/posts/assigning-valid-ssl-certificate-secure-internal-vpn-bound-hosts-subdomain-dns/ Marshall Whittaker

The Problem So you want to assign a valid SSL certificate to a host on a VPN, on which you have a subdomain under a domain that you have zonefile access to, where the subdomain points to your host’s VPN IP, and the host requires a working HTTPS server. The issue comes into play when you try to use certbot/letsencrypt/[insert ACME client here] to generate the fullchain and private key, beca...

2023-10-11T02:22:52-04:00 2023-10-11T02:22:52-04:00 https://oxasploits.com/posts/openai-powered-irc-chat-bot-for-fun-and-profit/ Marshall Whittaker

As seen in 2600 The Hacker Quarterly, Autumn 2023!! A Crash Course in LLM AI So, for a long time people have thought about what happens when computers become sentient, what defines sentience, and being self aware. People have fantasized about this, writing books and making movies about AI takeovers since a time when computers were only in their infancy, which surprises even me. While this...

2023-06-14T03:12:11-04:00 2023-06-14T03:12:11-04:00 https://oxasploits.com/posts/network-recon-reconnaissance-techniques/ Marshall Whittaker

Intro to Reconnaissance Learning about a network from afar, whether actively or passively is always one of the first things you do when deciding to penetrate a computer system. There are a variety of tools we can use to help us along in this process, some of which I will cover here. While some of this seems like common sense, that means it is often overlooked, which can mean the difference ...

2023-05-01T03:11:21-04:00 2023-05-01T03:11:21-04:00 https://oxasploits.com/posts/HCI-event-HID-controller-abuse-bluetooth-RCE-exploit/ Marshall Whittaker

The Words of Caution This writeup is a lesson in what happens when we are not, and why we should be very, very cautious of what bluetooth devices we pair to. We’ll start with this, just to set the stage for what’s to come. Pwnt a smartphone in under a minute, simply by connecting to a rouge bluetooth device. Who’da thunk? The Attack This was actually pretty simple, you probably have al...