Posts
-
OFF-BY-NULL to Docker Escaping: CorJail (CorCTF 2022)
-
pipe_buffer AAR/AAW: wall-rose (HITCON 2023)
-
A simple and hard challenge for micro-arch, kernel exploitation, and syscall: Sysruption (corCTF 2023)
-
UAF Exploitation in Linux Kernel (6.9.1): kUlele (crewCTF 2024)
-
UAF Exploitation in Userspace (glibc-2.35): Ulele (crewCTF 2024)
-
OOB on a Page Struct Array: Faulty Kernel (DownUnderCTF 2024)
-
Limit Heap Overflow to Root with Cred (OOB Fengshui Crafting) /Pipe_buffer (Pipe Buffer AAR/AAW): Cache of Castaways (corCTF 2022)
-
Learn UAF-Free-Leak, Retspill, and FG-KASLR bypassing from a CTF challenge: Wall of Perdition (corCTF 2021)
-
Learn Kernel Heap Cross Page Overwrite and Page Level Fengshui from a CTF challenge: IPS(VULNCON 2021)
-
Learn Kernel Heap Freelist Hijacking from a CTF challenge: IPS(VULNCON 2021)
-
Kernel: Compute Slab Order from Object Size
-
Understanding Linux x86-64 Paging: How to get the physical address from a virtual address
-
Learn msg_msg-Kernel-Exploitation from a CTF challenge: IPS(VULNCON 2021)
-
Introduction of Microarchitecture Exploitation
-
Kernel Pwn: How to compile Kernel Module?
-
Why is it so slow to debug kernel pwn challenges on WSL?
-
Inline Assembly for C
-
A New Format String Skill and Write-Up for HITCON 23: Wall Sina
-
Qemu Userspace Debugging
-
[JustCTF-2023] Tic Tac PWN!
-
[JustCTF-2023] notabug
-
[DEF CON Qual-2023] Write-Up
-
[LACTF-2023] Write-Up for Pwn Challenges
-
[CSAW'22 Qual] My Pwn Challenges
-
Google CTF 2022 S2: Escape from Google's Monitoring
-
Guide-of-Seccomp-in-CTF
-
Introduction of Kernel Pwn: userfaultfd
-
Introduction of Kernel Pwn: Double Fetch
-
Introduction of Kernel Pwn: UAF
-
Introduction of Kernel Pwn: Stack Overflow
-
XV6: Syscall and Scheduler
-
XV6: The Boot Procedure
-
Limit and Pwn the Processes: sbnote in zer0pts CTF 2022
-
XV6: How to write a shell
-
Communication of Processes in Linux - Isolated
-
Who Moved My Block-Real World Stack Overflow
-
Address Sanitize Intro
-
V8 OOB
-
0CTF/TCTF 2021 NaiveHeap
-
Virtual Machine Escaping:VM note
-
Off By Half Byte:Baby-Dairy
-
How do free&malloc work
-
Punch Man
-
Qwb2021
-
Ret2dlresolve
-
Re-alloc-Revenge
-
Setcontext
-
New_Features_In_Glibc-2.29
-
Re-alloc
-
App_Hook_in_CTF
-
Extract_Firmware
-
Tcache stashing unlink atk
-
twctf_2018_bbq
-
ONEPUNCH
-
UAF With Out One_gadget
-
OFF-BY-ONE:TYPICAL
-
IO
-
OFF_BY_ONE:2.2n
-
RCTF2019_syscall_interface
-
Null
-
RCTF2019_shellcoder
-
RCTF2019_Babyheap
-
BUFFER
-
EXIT_HCTF2018_the_end
-
Starctf2019_Heap_master
-
House Of Storm
-
Starctf2019_upxofcpp
-
Patch4Pwn
-
OFF_BY_ONE
-
SROP_SMALLEST
-
Relro_Review
-
string&vector
-
House_of_force
-
House-of-Roman
-
House of Orange
-
House of Spirit
-
auxv:origin_of_canaries
-
mno2
-
pwnable-tw Trip
-
BCTF2018:house_of_atum
-
BCTF2018:three
-
IO_FILE:pwn_Stdout
-
Canary
-
GETS_THE_SHELL
-
NUCA:Steak
-
LCTF2018:Easy_heap
-
Hitcon:children_tcache
-
x86_stack_migration:Hack
-
Hitcon:baby_tcache
-
double free or corrupttion
-
XCTF-final-2018-nobof
-
XCTF-final-2018:PUBG
-
IO_FILE ALl_in_one
-
chall2-bank
-
Kamikaze
-
BABY OFFBYONE
-
Stack-Migaration
-
Hook_magic
-
IO_FILE:_IO_buf_base
-
QCTF-2018-Pwn-Wp
-
QCTF-2018-Web-Wp
-
QCTF_2018_Misc_Wp
-
Shellcode 's Magic
-
LOG for AD2018-6-16
-
startCTF 2018 Babystack :thread stack bypass canary
-
Relro!
-
How to compile a glibc
-
Basic Pwn train (stack)
-
basic fmtstr
-
static link
-
Debug With GDB
-
base64 encode / python
-
Kernel Notes
-
CheatCode
subscribe via RSS