Search by tag
-
ductf2020 pwn-or-web v8 challenge
This was a great javascript engine exploitation challenge which had a nice mix of traditional ctf exploitation elements and v8 specific details. Would recommend giving it a go if you’re starting out learning about js engines!
-
pwn-playground
Small environment to practice exploitation techniques without many restrictions
-
TG:HACK 2020 'useless crap' writeup
This was a fun ctf, even though I spent most of my time on a single challenge (called ‘useless crap’). I learned a lot doing this challenge, and thought I would make a writeup because as far as I know (from the 2 places I’ve looked) this is a unique solution to the problem, and has some cool tricks.
-
FILE exploitation
Recently I came across a ctf challenge that was exploited by corrupting glibc FILE structures/operations (the bookface challenge in angstromctf2020). I hadn’t come across this type of exploitation before, so I did some more reading on the topic
Corrupting or forging FILE structures can result in arbitrary read/write primitives and code execution, which makes it a cool topic to know about.
-
Secedu ctf 2019
I participated in the Secedu ctf event in 2019 on the 1st November as part of the blue team (in name alone). I was part of the group in the team focusing on binary exploitation, while the other group focused on the web challenges. We managed to solve 2 binary challenges on the day, with the web group solving quite a few more. We ended up winning the competition at the end of the day, it was a great experience!
-
Picoctf2019
Pico was a fun ctf that had a wide range of challenges, from absolute beginner to some nontrivial (for me) heap exploitation.
I decided to pick out a few of these challenges from the binary exploitation category, make writeups for them and cover some basic exploitation concepts from the point of view of a beginner with only a small amount of programming experience.