This repository includes occasional write-ups from Capture the Flag competitions.
| Category | Technique | Example Problem |
|---|---|---|
| Pwn | Aarch64 | ARMsinthe |
| Pwn | House of Force | hall_of_fame |
| Pwn | House of Botcake | babyheap |
| Pwn | Tcache Poisoning | heapchall |
| Pwn | Heap Overflow | login |
| Pwn | SROP | sos, one-and-done, void |
| Pwn | Buffer Overflow w/ Leaked PIE | pwnme-6 |
| Pwn | Partial Overwrite w/ PIE | toosmall, gatekeep |
| Pwn | Leak Canary -> Buffer Overflow | gambler_supreme, pwnme-7 |
| Pwn | Leak Libc -> BoF -> One Gadget | securehoroscope |
| Pwn | Format write -> GOT Overwrite | ubume, oilspill, speed8 |
| Pwn | Format write -> Stack Overwrite | rickroll, rut-roh-relro |
| Pwn | Out-of-bound array index | oob, oob2 |
| Pwn | Abusing Linked List Pointers | open house |
| Pwn | Format string arbitrary read | format_string_read, printfail, waifu |
| Pwn | Format string arbitrary write | format-write |
| Pwn | Return to Libc | ret2libc, not-a-baby, tyger2 |
| Pwn | Return to System | ret2libc, horoscope, classiact |
| Pwn | Return to Syscall | Pwn-Loop, speed06 |
| Pwn | Return to Win | ret2win, trivial, pwnme-4 ihg, speed01 |
| Pwn | Buffer Overflow | gambler_overflow, lucky |
| Pwn | 32-bit ROP | pwnme-8 |
| Pwn | Leak Stack, JMP To ShellCode | sally-pirate, speed02 |
| Pwn | Minimal Shellcode | sally-seashells |
| Pwn | Construct shellcode bypassing seccomp | wiznu, stackless |
| Pwn | Construct shellcode bypassing bad chars | odd_shell |
| RE | Angr Deadend Path Exploration | formless |
| RE | Basic Reverse w/ Angr (stdin) | babyreee |
| RE | Basic Reverse w/ Angr (argv) | keygen |
| RE | Basic Reverse of XOR | eXclusiveclub |
| RE | Symbolically executing code w/ Angr | basic_rev, dragonplt |