Fastbin Exploitation
Explanation of the `fastbin dup` heap exploitation technique
Information/Memory Leaks In Binary Exploitation What is a memory leak? An information/memory leak is any primitive in a binary that reveals bytes from the program’s memory such as addresses, pointe...
Facing a gadget-poor binary? This post reveals how gets() can be your ultimate ROP primitive. By understanding how gets() reuses the existing RDI value from the vulnerable buffer, we can craft prec...
Understanding Tcache Thread Local Caching (Tcache) is a set of bins, organised as singly-linked lists, that are local to each thread. Tcache was made to avoid the need to lock a global arena for f...
Understanding how unlinking happens in libc (old and modern) and how to exploit it
Exploit Write-up: Buffer Overflow with Global Variable Control Challenge Overview In this challenge, we are given a C program that contains a buffer overflow vulnerability in the func() function...
Building a Reproducible Pwn & Reverse Engineering Lab with Docker Spinning up a reliable workspace for reverse engineering and binary exploitation on modern machines can be tricky. Old challen...
UMDCTF Gambling pwn challenge About binary pwn checksec gambling [*] '/home/hacker/REPO/binexp/comp/umdctf/gambling/gambling' Arch: i386-32-little RELRO: Partial RELRO Stack:...
Protostar Stack Writeups Stack 0 GOAL : Modify a variable 0x08048405 <+17>: lea eax,[esp+0x1c] 0x08048409 <+21>: mov DWORD PTR [esp],eax 0x0804840c <+24>: call 0x804830...