[CVE-2017-14493 ] Root Cause Analysis on vulnerable dnsmasq software. This is my first step of moving from CTFs to Real World Vulnerabilities. My goal is to move from exploiting CTFs to real worl...

YET ANOTHER NOTE TAKER About the binary The binary t1b4n3@debian:~/ctf/pascalctf/yetanothernotetaker/challenge$ file notetaker notetaker: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dyn...

File Structure Exploitation is a binary exploitation technique that uses GLIBC file streams structures to gain code execution. It has become popular since pointers like __malloc_hook, __free_hook, ...

I was looking for some CTFs to play during the weekend then I saw that NexHunt CTF had a few hours left so I joined the CTF with about 3 hours left until the CTF ends. I was only able to solve 2 p...

Explanation of large bin attack

House of Force This is a older exploitation technique that works on glibc 2.27 and lower. The goal of the house of force is to get malloc() to return a arbitrary value/address by overwriting the ...

Explanation on how off-by-one vulnerability on the heap can lead to RCE

House of spirit attack allows us to get malloc to return a fake chunk to a region we have some control over (such as the bss or stack). Goal Add a attacker controlled buffer into the tcache/fastb...

Steps Allocate 10 chunks. 7 chunk to fill tcache bins chunk 8 will be used later for later consolidation chunk 9 is the victim chunk chunk 10 is to prevent consolid...

About The binary The binary is dynamically linked, and has all security mitigations turned on. Reversing main int main() { void* fsbase int64_t canary = *(fsbase + 0x28) setup() puts("What ...