0xf4de Blog

0xf4de Blog https://blog.0xf4de.com/blog Offensive security, C2 infrastructure, shellcode, and lab builds from 0xf4de. en-us (Chad Wilson) (Chad Wilson) Fri, 06 Mar 2026 00:00:00 GMT https://blog.0xf4de.com/blog/writing-a-stager Writing a Stager https://blog.0xf4de.com/blog/writing-a-stager We build a shellcode stager in C that fetches Apollo over the network in chunks, loads it with NT-layer calls, and executes it. Along the way we get into SSNs, indirect syscalls, what your call stack looks like to a defender, and why your stager and C2 redirectors should never be the same box. Fri, 06 Mar 2026 00:00:00 GMT (Chad Wilson) c2mythicstagersshellcodeindirect-syscallsred-teamoffensiveedr https://blog.0xf4de.com/blog/south-park-ludus-range Building the South Park Range with Ludus https://blog.0xf4de.com/blog/south-park-ludus-range Stand up the South Park range on Ludus. AD environment, a Debian redirector, and a Kali C2 box wired together the way a real engagement looks. Wed, 12 Nov 2025 00:00:00 GMT (Chad Wilson) ludushomelabred-teamactive-directorymythicc2redirectoroffensive https://blog.0xf4de.com/blog/stagers-agents-and-the-chain-between-them Stagers, Agents, and the Chain Between Them https://blog.0xf4de.com/blog/stagers-agents-and-the-chain-between-them An intro to modern C2 infrastructure. We cover the moving parts of a post-exploitation chain, how stagers and agents fit together, and why the Metasploit model is not what modern red teams reach for. Mon, 27 Oct 2025 00:00:00 GMT (Chad Wilson) c2mythicimplantsstagersred-teamoffensive https://blog.0xf4de.com/blog/cve-research/CVE-2024-27198 TeamCity Authentication Bypass Vulnerability - CVE-2024-27198 https://blog.0xf4de.com/blog/cve-research/CVE-2024-27198 Learn how to exploit CVE-2024-27198, a critical authentication bypass vulnerability found in JetBrains TeamCity's web component. Sun, 10 Mar 2024 00:00:00 GMT (Chad Wilson) cveteamcityexploitjetbrains https://blog.0xf4de.com/blog/authentik-sso-with-fastapi Authentik SSO with FastAPI https://blog.0xf4de.com/blog/authentik-sso-with-fastapi Set up Authentik as a self-hosted SSO provider and wire it into the FastAPI todo app. We compare Authentik to Keycloak so you can pick the right tool for your setup. Wed, 20 Sep 2023 00:00:00 GMT (Chad Wilson) fastapiauthentikoauth2ssopythonsecurityhomelab https://blog.0xf4de.com/blog/keycloak-sso-with-fastapi Keycloak SSO with FastAPI https://blog.0xf4de.com/blog/keycloak-sso-with-fastapi Replace our homegrown JWT auth with Keycloak as a dedicated identity provider. We cover standing up Keycloak with Docker, configuring a realm and client, and wiring FastAPI to validate tokens issued by Keycloak. Fri, 15 Sep 2023 00:00:00 GMT (Chad Wilson) fastapikeycloakoauth2ssopythonsecurity https://blog.0xf4de.com/blog/docker-vs-podman-homelab Docker vs Podman: Which One for Your Homelab? https://blog.0xf4de.com/blog/docker-vs-podman-homelab Docker and Podman both run containers, but they have meaningful differences in how they are architected, what permissions they require, and how they behave in a homelab environment. Here is what you need to know to make the right call. Sun, 10 Sep 2023 00:00:00 GMT (Chad Wilson) dockerpodmancontainershomelablinux https://blog.0xf4de.com/blog/build-and-deploy-to-do-app-with-docker Build and Deploy the Todo App with Docker Compose https://blog.0xf4de.com/blog/build-and-deploy-to-do-app-with-docker Package the FastAPI backend and React frontend into Docker containers and wire them together with Docker Compose. We cover SQLite volume mounts, environment variable handling, and what changes for production. Mon, 28 Aug 2023 00:00:00 GMT (Chad Wilson) dockerdocker-composedeploymentsqlitereactfastapi https://blog.0xf4de.com/blog/building-a-user-interface-for-your-to-do-application Building a User Interface for Your To-Do Application https://blog.0xf4de.com/blog/building-a-user-interface-for-your-to-do-application Build the React frontend for our full-stack todo app. We will wire up components, connect to the FastAPI backend, and cover the Web Share API along the way. Sun, 27 Aug 2023 00:00:00 GMT (Chad Wilson) reacttypescriptviteweb-dev https://blog.0xf4de.com/blog/todo-api-creation-with-fastapi Todo API Creation with FastAPI https://blog.0xf4de.com/blog/todo-api-creation-with-fastapi Build a Todo API with FastAPI and SQLite. Step-by-step walkthrough covering database setup with SQLAlchemy, models, routes, and why we make the choices we do. Part one of the full-stack todo app series. Sun, 27 Aug 2023 00:00:00 GMT (Chad Wilson) full-stackreact-python-sqlitesqlitesqlalchemypythonfastapi https://blog.0xf4de.com/blog/fastapi-security Securing FastAPI with OAuth2 and JWT https://blog.0xf4de.com/blog/fastapi-security Add real authentication to the FastAPI todo API using OAuth2 password flow and JWT tokens. We cover password hashing, token issuance, protected routes, and the honest tradeoffs you need to understand before shipping this. Sun, 12 Mar 2023 00:00:00 GMT (Chad Wilson) fastapijwtoauth2pythonsecurity https://blog.0xf4de.com/blog/cve-research/exploiting-printnightmare-cve-2021-34527 Exploiting PrintNightmare CVE-2021-34527 https://blog.0xf4de.com/blog/cve-research/exploiting-printnightmare-cve-2021-34527 Learn how to leverage the Print Spooler vulnerability to gain remote code execution and elevate privileges on Windows machines. This blog post provides a detailed walkthrough of the exploit, the code, and the scenario. Sun, 18 Jul 2021 00:00:00 GMT (Chad Wilson) c++exploitprintnightmarespoolerwaddlecorp