Blog
-
StringIPC: where poweroff and gettimeofday mean #(uid=0) reverse shell
Pwn - Kernel
This last blog of the year aims to be my best-written and most detailed article, where I show techniques that are not too well known (could it have been solved in a simpler way? Yes, but I’m a masochist :).
-
SIGSEGV??? Thanks I'll be root
Pwn - Kernel
K3RN3L CTF 2021 easy kernel
In this blog I will use this “easyish” challenge to introduce a cool technique that exploits the SIGNAL HANDLER.
-
Windows of Opportunity - Imaginary CTF 2023
Pwn - Kernel
IMAGINARY CTF 2023 - Windows of Opportunity
Continuing this series on Linux kernel exploitation, today we will explore, as the title suggests, Windows of Opportunity from Imaginary CTF 2023!
-
Kernel ROP hxp ctf 2020
Pwn - Kernel
Kernel ROP, the ‘starting point’ of kernel pwn
The first week of October 2023 I had the amazing opportunity to take part in Andrey Konovalov’s training (“Attacking the Linux Kernel”) thanks to the hexacon organizers…
When I returned home I played some CTF challenges involving kernel exploitation, but I didn’t have enough time to write a blog on them because of uni… If you have ever searched for Linux kernel exploitation, most of the blog posts talk about this chall (kernel-rop, hxp CTF 2020).
-
A pwn2own like chall?
Vuln-Research
ARMless Router IoT: ARMlessRouter ⭐
This pwn2own-style challenge will allow you to remotely compromise an ARM router.
-
- Map the attack surface
- Exploit the vulnerable service
- Retrieve the flag
-
Writeup Hacker's Playground 2023
Pwn
Hacker’s Playground 2023
This ‘weekend’ (12 hours, for me 4!) the Samsung Research Security Team hosted a CTF; although the weekend was full of events, I decided to play Samsung’s one solo, and at the end of the day I had done 5/7 pwn challs (not too bad for a noob!).
-
Writeup LIT CTF:My Pet Canary's Birthday Pie
Pwn
My Pet Canary’s Birthday Pie [LIT CTF 2023]
My Pet Canary’s Birthday Pie (Lexington Informatics Tournament 2023)
Description
Here is my first c program! I’ve heard about lots of security features in c, whatever they do. The point is, c looks like a very secure language to me! Try breaking it.
-
Writeup Google CTF: write-flag-where
Pwn
write-flag-where [Google CTF 2023]
Description:
This challenge is not a classical pwn
In order to solve it will take skills of your own
An excellent primitive you get for free
Choose an address and I will write what I see
But the author is cursed or perhaps it’s just out of spite
For the flag that you seek is the thing you will write
ASLR isn’t the challenge so I’ll tell you what
I’ll give you my mappings so that you’ll have a shot.
-
Random Number You Say? Let's Break Them!
Pwn
Guessing Random Numbers in CTF
Although the challenges are a bit old, I think they are instructive since they cover both cases (with a leaked seed, and without a leak). I’m talking about unlucky from tamuCTF 2023 and random from TFC CTF 2023, plus a bonus chall that involves srand and rand!