Posts
OFF-BY-NULL to Docker Escaping: CorJail (CorCTF 2022)
pipe_buffer AAR/AAW: wall-rose (HITCON 2023)
A simple and hard challenge for micro-arch, kernel exploitation, and syscall: Sysruption (corCTF 2023)
UAF Exploitation in Linux Kernel (6.9.1): kUlele (crewCTF 2024)
UAF Exploitation in Userspace (glibc-2.35): Ulele (crewCTF 2024)
OOB on a Page Struct Array: Faulty Kernel (DownUnderCTF 2024)
Limit Heap Overflow to Root with Cred (OOB Fengshui Crafting) /Pipe_buffer (Pipe Buffer AAR/AAW): Cache of Castaways (corCTF 2022)
Learn UAF-Free-Leak, Retspill, and FG-KASLR bypassing from a CTF challenge: Wall of Perdition (corCTF 2021)
Learn Kernel Heap Cross Page Overwrite and Page Level Fengshui from a CTF challenge: IPS(VULNCON 2021)
Learn Kernel Heap Freelist Hijacking from a CTF challenge: IPS(VULNCON 2021)
Kernel: Compute Slab Order from Object Size
Understanding Linux x86-64 Paging: How to get the physical address from a virtual address
Learn msg_msg-Kernel-Exploitation from a CTF challenge: IPS(VULNCON 2021)
Introduction of Microarchitecture Exploitation
Kernel Pwn: How to compile Kernel Module?
Why is it so slow to debug kernel pwn challenges on WSL?
Inline Assembly for C
A New Format String Skill and Write-Up for HITCON 23: Wall Sina
Qemu Userspace Debugging
[JustCTF-2023] Tic Tac PWN!
[JustCTF-2023] notabug
[DEF CON Qual-2023] Write-Up
[LACTF-2023] Write-Up for Pwn Challenges
[CSAW'22 Qual] My Pwn Challenges
Google CTF 2022 S2: Escape from Google's Monitoring
Guide-of-Seccomp-in-CTF
Introduction of Kernel Pwn: userfaultfd
Introduction of Kernel Pwn: Double Fetch
Introduction of Kernel Pwn: UAF
Introduction of Kernel Pwn: Stack Overflow
XV6: Syscall and Scheduler
XV6: The Boot Procedure
Limit and Pwn the Processes: sbnote in zer0pts CTF 2022
XV6: How to write a shell
Communication of Processes in Linux - Isolated
Who Moved My Block-Real World Stack Overflow
Address Sanitize Intro
V8 OOB
0CTF/TCTF 2021 NaiveHeap
Virtual Machine Escaping:VM note
Off By Half Byte:Baby-Dairy
How do free&malloc work
Punch Man
Qwb2021
Ret2dlresolve
Re-alloc-Revenge
Setcontext
New_Features_In_Glibc-2.29
Re-alloc
App_Hook_in_CTF
Extract_Firmware
Tcache stashing unlink atk
twctf_2018_bbq
ONEPUNCH
UAF With Out One_gadget
OFF-BY-ONE:TYPICAL
IO
OFF_BY_ONE:2.2n
RCTF2019_syscall_interface
Null
RCTF2019_shellcoder
RCTF2019_Babyheap
BUFFER
EXIT_HCTF2018_the_end
Starctf2019_Heap_master
House Of Storm
Starctf2019_upxofcpp
Patch4Pwn
OFF_BY_ONE
SROP_SMALLEST
Relro_Review
string&vector
House_of_force
House-of-Roman
House of Orange
House of Spirit
auxv:origin_of_canaries
mno2
pwnable-tw Trip
BCTF2018:house_of_atum
BCTF2018:three
IO_FILE:pwn_Stdout
Canary
GETS_THE_SHELL
NUCA:Steak
LCTF2018:Easy_heap
Hitcon:children_tcache
x86_stack_migration:Hack
Hitcon:baby_tcache
double free or corruption
XCTF-final-2018-nobof
XCTF-final-2018:PUBG
IO_FILE All_in_one
chall2-bank
Kamikaze
BABY OFFBYONE
Stack-Migration
Hook_magic
IO_FILE:_IO_buf_base
QCTF-2018-Pwn-Wp
QCTF-2018-Web-Wp
QCTF_2018_Misc_Wp
Shellcode's Magic
LOG for AD2018-6-16
startCTF 2018 Babystack :thread stack bypass canary
Relro!
How to compile a glibc
Basic Pwn train (stack)
basic fmtstr
static link
Debug With GDB
base64 encode / python
Kernel Notes
CheatCode