Fuzzing
Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a program. The program is then monitored for exceptions such as ...
A deep dive into CVE-2025-53630 in Llama.cpp, analyzing how malformed GGUF model inputs lead to a crash. This post walks through reversing the parser, identifying the root cause, and understanding how the bug can be triggered in practice.
An in-depth analysis of CVE-2024-22857 in zlog, focusing on the underlying memory corruption issue. I traced the bug from input handling to crash, using debugging techniques to uncover the root cause and assess its impact.
This post explores CVE-2017-14493 in dnsmasq, following the path from crafted network packets to application crash. Through dynamic analysis and code inspection, we uncover the root cause and examine how the vulnerability is triggered.
YET ANOTHER NOTE TAKER: About the binary. The binary: t1b4n3@debian:~/ctf/pascalctf/yetanothernotetaker/challenge$ file notetaker notetaker: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dyn...
File Structure Exploitation is a binary exploitation technique that uses GLIBC file stream structures to gain code execution. It has become popular since pointers like __malloc_hook, __free_hook, ...
I was looking for some CTFs to play during the weekend, then I saw that NexHunt CTF had a few hours left, so I joined the CTF with about 3 hours left until the CTF ends. I was only able to solve 2 p...
Explanation of the large bin attack
House of Force: This is an older exploitation technique that works on glibc 2.27 and lower. The goal of the house of force is to get malloc() to return an arbitrary value/address by overwriting the ...
Explanation of how an off-by-one vulnerability on the heap can lead to RCE