Solved with @jorge and @s3np41k1r1t0 Points: dynamic Solves: 20 TL;DR Find a UAF in the midnight() method for JS typed arrays Exploit the UAF to get a libc leak Exploit the UAF to p...

The second rendition of the Glibc’s Heap Basics and How to Exploit it* lecture. We covered the following topics: Chunks and chunk implementation Coalescing Main arena and Bins Tcache Co...

Points: 484 (dynamic) Solves: 53 Description: We have a very safe core with a very safe enclave Problem: Server We are given a server.py file that is running on the server that reads user i...

With Jorge and jofra Points: 460 (dynamic) TL;DR Null byte overflow on heap chunk Free overflown chunk Overwrite ptr array Write printf@plt on free@got to obtain a libc leak Write syst...

Lecture with Jorge on Glibc’s Heap basics and how to exploit it. We covered the following topics: Chunks and chunk implementation Coalescing Main arena and Bins Tcache Common attacks ...

Tools: Python source code This tool analyses python code slices and reports on illegal information flows by performing Taint Analysis, a form of Static Analysis. It was developed as a Software...

With Jorge Points: 303 (dynamic) Solves: 18 TL;DR Only two Format String vulnerability allowed. Use first Format String to bypass PIE mitigation Use second Format String to: cha...

Points: 332 (dynamic) Solves: 43 TLDR Overflow to bypass login Exfiltrate all relevant files (challenge binary and libc) Format string to change the name of the file to be download...

With jofra Points: 300 Solves: 41 Description: I make sure never to use scanf(“%s”) when doing competitive programming so that my solutions don’t have buffer overflows. But writing algori...

Grade: 19/20 Tools: Python Agent for solving Solitaire Puzzle Game given a board state Bayesian Network Module and Reinforcement Learning (Q-learning) implementation