[Chiggins' Thoughts]


Hello! I'm Chris Higgins, M.S., OSCP, and this is my website where I'll attempt to post useful bits of what I'm working on or whatever.

I am an application developer and server administrator for the College of Arts and Sciences at Illinois State University. Currently I’m interested in malware analysis, reverse engineering, exploit development, penetration testing, and secure web programming.

You can follow me on Twitter @ch1gg1ns, on GitHub, or you can find me on FreeNode as chiggins usually lurking in #isusec or #vulnhub.

Recent Posts

Two New Metasploit Modules

This isn’t really anything super big but still something I’m proud of. I’ve recently gotten two Metasploit exploit modules merged into master, which is pretty cool! You can see what I’ve contributed to Metasploit so far on my contributions page. Even though what I’ve really been doing is just porting PoC exploits from Exploit-DB, it’s provided a great learning experience with how the Metasploit Framework actually works. For one of the modules I had to dive deep into the framework’s core and try to figure out how SEH and its egghunter work, which was huge to me as I really had just learned how egghunting really worked.

2016 Update

I really should get better about posting more than once a year, but everyone says that. Maybe now that I’m done taking classes, I’ll be able to focus on more stuff I want to do and post some of my more interesting findings here.

Master of Science

So my biggest and most recent update is that I’ve finally acquired my Master of Science degree from Illinois State University with a focus on Network and Security Management.

Contributions

Here’s a list of contributions that I’ve made to various websites or projects.

Metasploit
PCMAN FTP Server Buffer Overflow - PUT Command Metasploit exploit
Disk Pulse Enterprise Login Buffer Overflow
WinaXe 7.7 FTP Client Remote Buffer Overflow

Random Programming
Reads data from /etc/passwd to /tmp/outfile shellcode for x86-64 Linux

Hey, I did the OSCP!

So over the past handful of months I’ve been taking some time and worked on the Penetration Testing with Kali Linux training, which in turn I took the Offensive Security Certified Professional exam! It took a while for me to be able to work through all the training, but as of April 27th, 2015, I am OSCP certified!

The Training

Towards the end of last summer I was able to start the training course, and had two months of lab time.

DerbyCon 4.0 CTF - TRNDOCS ELF Binary Reverse Engineering and Debugging

So this past weekend I attended DerbyCon 4.0 in Louisville, Kentucky, and was lucky enough to play the CTF alongside the @bsjtf team. We were able to place 16th out of the 77 point scoring teams/individuals, which is pretty damn good I’d say. This write-up will be for a reversing challenge I solved, adding 450 points to the team’s total.

BSides Chicago 2014 CTF -- Cleaning Product Request

At BSides Chicago 2014 this weekend I participated in the Tricity BSJTF CTF with team Penguins. One of the challenges that caused me the most rage and an epic face-palm once I figured it out was the “Cleaning Product Request” easy web challenge. Yes, I know, it was an “easy” challenge. I was just overthinking it and kept beating my head against the wall.

> BEGIN TRANSMISSION

New Blog with Octopress

Well, this is embarrassing. A few weeks ago I decided to change things up a bit on my server, move from Ubuntu to Arch Linux, reconfigure a few things and do some clean-up. Well, apparently past Chris decided it would be a grand idea to forget to copy over my back-up files to a disk that wasn’t about to be blown away… How awkward. I thought to use photorec and try to recover my missing data.

BSides Chicago 2013 CTF Challenge 31 Write Up


The BSides Chicago 2013 CTF was a fun one and quite the learning experience, so here’s my first ever write up and it’s going to be on challenge #31, easy reverse engineering on a .NET console application.


Thotcon 0x4 and BSides Chicago 2013

So this past weekend I was in Chicago for Thotcon 0x4 and BSides Chicago 2013. Quite fun stuff since I haven’t been to a con since Derbycon. I was really looking forward to catching up with some people, checking out some talks, and participating in the CTF at BSides. Friday rolls around, we head to Thotcon and get all sorts of checked in. Those badges were really flippin’ sweet.

Google Cloud Messaging through PHP


A few weeks ago I ran into an article on how to use Google Cloud Messaging with the .NET Framework. That got me thinking, and I wanted to give it a shot in PHP, it couldn’t be too bad right? So, here’s just some simple code on crafting the POST request to send to a specified Android device. All you need to do is supply your own various IDs from Google and whatever Android device you want to send to (as long as it’s registered) and you’re all set. Take a look at my code:
