Buckeye 2025 was a really fun CTF with very interesting challenges. I was also very happy to see my team ranked #7 on the scoreboard. printf No files… 🙃 ncat --ssl printful.challs.pwnoh.io ...

pwn/ktou (forgot to copy description) Attachment: attachment.zip Analysis We are provided the following files $ file * bzImage: Linux kernel x86 boot executable, bzImage, version 6.2....

Impact: Local privilege escalation Type: Arbitrary File Write Why: Similar to Dirty COW, but newer and easier to exploit v5.8 <= affected kernels < 5.10.102, 5.15.25, 5.16.11 Fix: ...

fakeobj.py Description Dear VulnX, send me your best fake snake object Regards, joseph AU: nc chal.2025.ductf.net 30001 US: nc chal.2025-us.ductf.net 30001 Attachments: fakeo...

How it works House of Einherjar is a go-to method for heap exploitation in case of a single NULL byte overflow vulnerability. It can be used to obtain overlapping chunks Which can further b...

Environment setup #!/bin/bash mkdir initramfs cp initramfs.cpio.gz initramfs cd initramfs gzip -d initramfs.cpio.gz cpio -idmv < initramfs.cpio rm initramfs.cpio cd .. #!/bin/bash cd initramf...

Background Suppose you have pwned a process and can execute your ROP chain, that seems great at first because now you can pop a shell right? But what if: You don’t have enough gadgets for popp...

Arena An arena is a memory management structure in glibc’s malloc implementation that manages a contiguous region of memory from the heap. It organizes memory into chunks, provides synchroniza...

This series is about the GNU allocator Some information might be incorrect as I am creating these posts while learning myself What is heap? Heap Heap is a region of memory divided i...

Vault Fault Explanation Solution #include <stdio.h> #include <stdlib.h> #include <time.h> int main() { srand(time(NULL) / 5); printf("%c", rand() % 256); } #!/usr/...