Search by tag

---

• ductf2020 pwn-or-web v8 challenge

  This was a great javascript engine exploitation challenge which had a nice mix of traditional ctf exploitation elements and v8 specific details. Would recommend giving it a go if you’re starting out learning about js engines!

• pwn-playground

  Small environment to practice exploitation techniques without many restrictions

• TG:HACK 2020 'useless crap' writeup

  This was a fun ctf, even though I spent most of my time on a single challenge (called ‘useless crap’). I learned a lot doing this challenge, and thought I would make a writeup because as far as I know (from the 2 places I’ve looked) this is a unique solution to the problem, and has some cool tricks.

• FILE exploitation

  Recently I came across a ctf challenge that was exploited by corrupting glibc FILE structures/operations (the bookface challenge in angstromctf2020). I hadn’t come across this type of exploitation before, so I did some more reading on the topic

  Corrupting or forging FILE structures can result in arbitrary read/write primitives and code execution, which makes it a cool topic to know about.

• Secedu ctf 2019

  I participated in the Secedu ctf event in 2019 on the 1st November as part of the blue team (in name alone). I was part of the group in the team focusing on binary exploitation, while the other group focused on the web challenges. We managed to solve 2 binary challenges on the day, with the web group solving quite a few more. We ended up winning the competition at the end of the day, it was a great experience!

• Picoctf2019

  Pico was a fun ctf that had a wide range of challenges, from absolute beginner to some nontrivial (for me) heap exploitation.

  I decided to pick out a few of these challenges from the binary exploitation category, make writeups for them and cover some basic exploitation concepts from the point of view of a beginner with only a small amount of programming experience.