Welcome to my blog! Here I share my research, writeups, and thoughts on cybersecurity.
Cross Cache Attacks
A work-in-progress writeup for studying cross-cache attacks in the Linux kernel SLUB allocator. Reference Material SLUB https://events.static.linu...
Astralogy
A 0-day in Astral OS, for Kalmar CTF 2026. > Do you believe in horoscopes? Me neither. Anyways, have fun breaking yet another hobby OS : > >...
extended-eBPF
> I extended the eBPF because it's cool. > Note: You can log in as the ctf user > nc 34.26.243.6 5000 > Author: Whi...
Patriot CTF 2025
switchboard Analysis We are given the following kernel module: #include <linux/errno.h> #include <linux/fs.h> #include <linux/init.h> #include <linux...
Understanding Dynamic Linking with Blind PWN
Buckeye 2025 was a really fun CTF with very interesting challenges. I was also very happy to see my team ranked 7 on the scoreboard https://ctftime.org...
N1 CTF 2025
pwn/ktou > forgot to copy description > > Attachment: attachment.zip Analysis We are provided the following files sh $ file bzImage: Linux ke...
Dirty Pipe (CVE-2022-0847)
Impact: Local privilege escalation Type: Arbitrary File Write Why: Similar to Dirty COW, but newer and easier to exploit v5.8 <= affected kernels <...
DownUnderCTF 2025
fakeobj.py Description > Dear VulnX, > > send me your best fake snake object > > Regards, > > joseph > > AU: nc chal.2025.ductf.net 30001 > > US...
House of Einherjar
How it works: House of Einherjar is a go-to method for heap exploitation in case of a single NULL byte overflow vulnerability. It can be used to obta...
Kernel kickstart
Environment setup: #!/bin/bash mkdir initramfs cp initramfs.cpio.gz initramfs cd initramfs gzip -d initramfs.cpio.gz cpio -idmv < initramfs.cpio rm...
Make Stack Executable Again
Background: Suppose you have pwned a process and can execute your ROP chain. That seems great at first, because now you can pop a shell, right? But what...
Arenas and Chunks
Arena: An arena is a memory management structure in glibc's malloc implementation that manages a contiguous region of memory from the heap. It organi...
Introduction to Heap
> This series is about the GNU allocator https://www.gnu.org/software/libc/manual/2.34/html_node/The-GNU-Allocator.html > Some informat...
Pentathon 2025
Vault Fault Explanation: (embedded video) Solution: #include <stdio.h> #include <stdlib.h> #include <time.h> int m...
Kernel Adventures Part 1
Explanation: (embedded video) Solution: // Compile with: musl-gcc -static -o exploit exploit.c #include <fcntl.h> #inc...
UofTCTF 2025
Baby pwn > Here's a baby pwn challenge for you to try out. Can you get the flag? > > nc 34.162.142.123 5000 > > Author: atom c void secret { p...
PWN cheatsheet
> I will keep updating this as and when I learn more. > I assume you are already familiar and comfortable with the Linux ecosystem an...
Amateurs CTF 2024
jail/javajail1 > Good luck getting anything to run. > nc chal.amt.rs 2103 Analysis: #!/usr/local/bin/python3 import subprocess BANNED...
Cyber Apocalypse 2024 - Hacker Royale
Overall, a very nice CTF with a good difficulty curve and well-made challenges. I managed to solve 7/10 pwn and 1 reversing challenge. pwn/Tutorial...
UofTCTF 2024
pwn/basicoverflow Challenge This challenge is simple. It just gets input, stores it to a buffer. It calls gets to read input, stores the read byt...
BackdoorCTF 2023
pwn/Marks The Challenge Score 100/100 to pass this exam Attachments: marks.zip nc 34.70.212.151 8004 The Solution Here's what happens when we...
SunshineCTF 2023
pwn/Array Of Sunshine The Challenge Sunshine on my shoulders makes me happy... Haiku to Sunshine ChatGPT ☀️ A sunbeam kisses Golden warmth in ever...
PatriotCTF 2023
pwn/printshop The Challenge That print shop down the road is useless, can you make it do something interesting? Attachment : printshop The Solut...
UrmiaCTF 2023
steganography/Deb File | The old Systems The Challenge Can you believe it? people still use linux? after the emerge of Evil E computers, nobody bo...