Solved with @jorge and @s3np41k1r1t0 Points: dynamic Solves: 20 TL;DR Find a UAF in the midnight() method for JS typed arrays Exploit the UAF to get a libc leak Exploit the UAF to p...
Heap Basics Lecture - 2022
The second rendition of the Glibc’s Heap Basics and How to Exploit it lecture. We covered the following topics: Chunks and chunk implementation Coalescing Main arena and Bins Tcache Co...
ncore -- CSAW Quals 2021
Points: 484 (dynamic) Solves: 53 Description: We have a very safe core with a very safe enclave Problem: Server We are given a server.py file that is running on the server that reads user i...
Dark Honya -- nullcon HackIM 2020
With Jorge and jofra Points: 460 (dynamic) TL;DR Null byte overflow on heap chunk Free overflown chunk Overwrite ptr array Write printf@plt on free@got to obtain a libc leak Write syst...
Heap Exploitation Lecture
Lecture with Jorge on Glibc’s Heap basics and how to exploit it. We covered the following topics: Chunks and chunk implementation Coalescing Main arena and Bins Tcache Common attacks ...
Software Security - Taint Analysis
Tools: Python source code This tool analyses Python code slices and reports on illegal information flows by performing Taint Analysis, a form of Static Analysis. It was developed as a Software...
Random Vault -- Pwn2Win 2019 CTF
With Jorge Points: 303 (dynamic) Solves: 18 TL;DR Only two Format String vulnerabilities allowed. Use first Format String to bypass PIE mitigation Use second Format String to: cha...
lazy -- SECCON 2019 Online CTF
Points: 332 (dynamic) Solves: 43 TLDR Overflow to bypass login Exfiltrate all relevant files (challenge binary and libc) Format string to change the name of the file to be download...
SPlaid Birch -- Plaid CTF 2019
With jofra Points: 300 Solves: 41 Description: I make sure never to use scanf(“%s”) when doing competitive programming so that my solutions don’t have buffer overflows. But writing algori...
Artificial Intelligence Course Project
Grade: 19/20 Tools: Python Agent for solving Solitaire Puzzle Game given a board state Bayesian Network Module and Reinforcement Learning (Q-learning) implementation