This repository includes occasional write-ups from Capture the Flag competitions.

Category | Technique | Example Problem |
---|---|---|
Pwn | Aarch64 | ARMsinthe |
Pwn | House of Force | hall_of_fame |
Pwn | House of Botcake | babyheap |
Pwn | Tcache Poisoning | heapchall |
Pwn | Heap Overflow | login |
Pwn | SROP | sos, one-and-done, void |
Pwn | Buffer Overflow w/ Leaked PIE | pwnme-6 |
Pwn | Partial Overwrite w/ PIE | toosmall, gatekeep |
Pwn | Leak Canary -> Buffer Overflow | gambler_supreme, pwnme-7 |
Pwn | Leak Libc -> BoF -> One Gadget | securehoroscope |
Pwn | Format write -> GOT Overwrite | ubume, oilspill, speed8 |
Pwn | Format write -> Stack Overwrite | rickroll, rut-roh-relro |
Pwn | Out-of-bounds array index | oob, oob2 |
Pwn | Abusing Linked List Pointers | open house |
Pwn | Format string arbitrary read | format_string_read, printfail, waifu |
Pwn | Format string arbitrary write | format-write |
Pwn | Return to Libc | ret2libc, not-a-baby, tyger2 |
Pwn | Return to System | ret2libc, horoscope, classiact |
Pwn | Return to Syscall | Pwn-Loop, speed06 |
Pwn | Return to Win | ret2win, trivial, pwnme-4 ihg, speed01 |
Pwn | Buffer Overflow | gambler_overflow, lucky |
Pwn | 32-bit ROP | pwnme-8 |
Pwn | Leak Stack, JMP To ShellCode | sally-pirate, speed02 |
Pwn | Minimal Shellcode | sally-seashells |
Pwn | Construct shellcode bypassing seccomp | wiznu, stackless |
Pwn | Construct shellcode bypassing bad chars | odd_shell |
RE | Angr Deadend Path Exploration | formless |
RE | Basic Reverse w/ Angr (stdin) | babyreee |
RE | Basic Reverse w/ Angr (argv) | keygen |
RE | Basic Reverse of XOR | eXclusiveclub |
RE | Symbolically executing code w/ Angr | basic_rev, dragonplt |