I played IJCTF 2020 in zer0pts and we got 3rd place. Other member's writeup: st98.github.io [pwn 100pts] Input Checker [pwn 620pts] Babyheap [rev 728pts] Rev 0 [rev 986pts] Rev 2 [forensics 998pts] List Of File Type [rev+web+pwn 1000pts] b…

はじめに 少し前のFireShell CTFでwebkitのexploitを書いたのですが、一部作問ミスを利用して解いたのでexploitを書き直しました。 その際、webkitのセキュリティ機構を2つ回避する必要があったので、それらの回避法について調べました。 この辺は日本語記事…

I played PlaidCTF in shibad0gs and reached 38th place. I'm going to write up the challenges I solved during the CTF. I don't write about "YOU wa SHOCKWAVE" as I mostly guessed the flag. (It was about disassembling shockwave media --> findi…

I played HexionCTF in zer0pts and we got 1st place. The tasks are decent-level, fun and well-designed. Thank you @hexion_team for the nice CTF! Other member's writeup: st98.github.io [Pwn 940pts] WWW [Pwn 988pts] Hangman [Pwn 998pts] Text …

About Yesterday I came up with an idea of a new heap exploitation technique. As far as I googled it, nobody had published the technique yet and I named it "House of Husk." The technique makes it easy to control RIP under the condition that…

はじめに ヒープ大嫌いなのですが、多分まだ誰も公開していないヒープ系exploit手法を思いついたので書きます。 調べても出てこなかったので既出じゃないと信じて「House of Husk」と名前を付けました。 これ系に命名規則があるのか不明だし名前も思いつかな…