Posts

[NorthSec CTF 2023] - Desk Surveillance Publisher

1 June 2023·10 mins

CTF writeups ROP autopwn angr

Cameras are down. Not the endpoint installing their firmwares. Open socket here. Could analyze some outdated firmwares.

[RITSEC CTF 2023] - Steg as a Service

6 April 2023·10 mins

CTF writeups ROP BinDiff

Can you try exploiting our shady copy of steghide so that we can convince our managers to update the binary?

Deep dive into FSOP

13 March 2023·16 mins

Research FSOP angr

File Stream Oriented Programming (FSOP) is a binary exploitation technique that uses GLIBC file stream structures to gain code execution from memory corruption.

[Real World CTF 5th] - tinyvm

16 January 2023·15 mins

CTF writeups VM FSOP

This is a CTF challenge called TinyVM. The author is very lazy, not wanting to write a description of the challenge, and the code is directly cloned from https://github[.]com/jakogut/tinyvm.

[SecurityFest CTF 2022] - krupt

4 June 2022·10 mins

CTF writeups kernel syscalls

The key to r00t is ZcZQndRX or was it DE7NUC6l? Wait, it was r2JLegUE. Eh, you’ll figure it out.

[NorthSec CTF 2022] - Shellcode sandbox

24 May 2022·17 mins

CTF writeups process injection shellcoding

I’ve been told that there’s a service running in our infrastructure used by the API team to offload part of their computations. I have a bad feeling about it! Could you take a look at it and make sure it’s safe? There’s a rumour going around that there’s confidential information in some file named flag.txt.

[Real World CTF 4th] - SVME

27 January 2022·5 mins

CTF writeups VM ROP

Professor Terence Parr has taught us how to build a virtual machine. Now it’s time to break it!

[DefCamp CTF 2022] - blinsight

22 March 2021·8 mins

CTF writeups blind PWN ROP

Hunting for eggs!

[Hackfest 2020 CTF] - salt2

9 January 2021·4 mins

CTF writeups format strings

This challenge was the only PWN challenge of the Hackfest 2020 CTF.