CVE Blog Projects Awards About

Blog

All posts

Published at

Dec 17, 2024

NiteCTF 2024 - QEMU Guest to Host VM Escape

linux ctf
Published at

Dec 17, 2024

Pwn2Own 2025 - Attacking the Lorex 2K Indoor Wi-Fi Security Camera

linux
Published at

Mar 21, 2024

Wolv CTF 2024 pwn writeup

linux ctf rop format-string

Pwn challenges writeup from Wolv CTF 2024. The Pwn challenges were beginner friendly with an interesting challenge CString.
Published at

Dec 24, 2023

Pawnyable Linux Kernel Exploitation series

linux kernel use-after-free race-condition rop heap

Learn the internals of modern linux kernel exploitation bypassing all the mitigations like SMAP, SMEP, KPTI, KASLR. The blogpost contains a linux kernel exploitation series covering variety of bugs and exploitation techniques.
Published at

Oct 2, 2022

Sekai CTF 2022 gets writeup

linux ctf rop

Challenge writeup for the gets challenge from Sekai CTF 2022 created by me. I found a way to gain Remote-Code-Execution bypassing the hardening of latest gcc compilers which doesn't provide any useful ROP gadgets. The exploit technique in this challenge details on using just a pop rdi gadget combining with gets() to craft powerful assembly instructions and achieve Remote-Code-Execution.