Posts
[NorthSec CTF 2023] - Desk Surveillance Publisher
·10 mins
CTF writeups
ROP
autopwn
angr
Cameras are down. Not the endpoint installing their firmwares. Open socket here. Could analyze some outdated firmwares.
[RITSEC CTF 2023] - Steg as a Service
·10 mins
CTF writeups
ROP
BinDiff
Can you try exploiting our shady copy of steghide so that we can convince our managers to update the binary?
Deep dive into FSOP
·16 mins
Research
FSOP
angr
File Stream Oriented Programming (FSOP) is a binary exploitation technique that uses GLIBC file stream structures to gain code execution from memory corruption.
[Real World CTF 5th] - tinyvm
·15 mins
CTF writeups
VM
FSOP
This is a CTF challenge called TinyVM. The author is very lazy, not wanting to write a description of the challenge, and the code is directly cloned from https://github[.]com/jakogut/tinyvm.
[SecurityFest CTF 2022] - krupt
·10 mins
CTF writeups
kernel
syscalls
The key to r00t is ZcZQndRX or was it DE7NUC6l? Wait, it was r2JLegUE. Eh, you’ll figure it out.
[NorthSec CTF 2022] - Shellcode sandbox
·17 mins
CTF writeups
process injection
shellcoding
I’ve been told that there’s a service running in our infrastructure used by the API team to offload part of their computations. I have a bad feeling about it! Could you take a look at it and make sure it’s safe? There’s a rumour going around that there’s confidential information in some file named
flag.txt
.
[Real World CTF 4th] - SVME
·5 mins
CTF writeups
VM
ROP
Professor Terence Parr has taught us how to build a virtual machine. Now it’s time to break it!
[DefCamp CTF 2022] - blinsight
·8 mins
CTF writeups
blind PWN
ROP
Hunting for eggs!
[Hackfest 2020 CTF] - salt2
·4 mins
CTF writeups
format strings
This challenge was the only PWN challenge of the Hackfest 2020 CTF.