Learn the internals of modern Linux kernel exploitation, bypassing all the mitigations, such as SMAP, SMEP, KPTI and KASLR. The blog post contains a Linux kernel exploitation series covering a variety of bugs and exploitation techniques.
Challenge writeup for the gets challenge from Sekai CTF 2022, created by me. I found a way to gain Remote-Code-Execution, bypassing the hardening of the latest gcc compilers, which don't provide any useful ROP gadgets. The exploit technique in this challenge details using just a pop rdi gadget combined with gets() to craft powerful assembly instructions and achieve Remote-Code-Execution.
I played this CTF with Project Sekai and it was really great. We came 5th in the CTF. Learn the power of add [rbp-0x3d], ebx; nop [rax+rax]; rep ret; (3d gadget) and forget about ASLR.