Skip to main content


[NorthSec CTF 2023] - Desk Surveillance Publisher
·10 mins
CTF writeups ROP autopwn angr
Cameras are down. Not the endpoint installing their firmwares. Open socket here. Could analyze some outdated firmwares.
[RITSEC CTF 2023] - Steg as a Service
·10 mins
CTF writeups ROP BinDiff
Can you try exploiting our shady copy of steghide so that we can convince our managers to update the binary?
Deep dive into FSOP
·16 mins
Research FSOP angr
File Stream Oriented Programming (FSOP) is a binary exploitation technique that uses GLIBC file stream structures to gain code execution from memory corruption.
[Real World CTF 5th] - tinyvm
·15 mins
CTF writeups VM FSOP
This is a CTF challenge called TinyVM. The author is very lazy, not wanting to write a description of the challenge, and the code is directly cloned from https://github[.]com/jakogut/tinyvm.
[SecurityFest CTF 2022] - krupt
·10 mins
CTF writeups kernel syscalls
The key to r00t is ZcZQndRX or was it DE7NUC6l? Wait, it was r2JLegUE. Eh, you’ll figure it out.
[NorthSec CTF 2022] - Shellcode sandbox
·17 mins
CTF writeups process injection shellcoding
I’ve been told that there’s a service running in our infrastructure used by the API team to offload part of their computations. I have a bad feeling about it! Could you take a look at it and make sure it’s safe? There’s a rumour going around that there’s confidential information in some file named flag.txt.
[Real World CTF 4th] - SVME
·5 mins
CTF writeups VM ROP
Professor Terence Parr has taught us how to build a virtual machine. Now it’s time to break it!
[DefCamp CTF 2022] - blinsight
·8 mins
CTF writeups blind PWN ROP
Hunting for eggs!
[Hackfest 2020 CTF] - salt2
·4 mins
CTF writeups format strings
This challenge was the only PWN challenge of the Hackfest 2020 CTF.