This year, I happened to finally have a chance to be in a good position to play Flare-On CTF, a yearly CTF published by FireEye. This year’s edition offered 12 reverse-engineering challenges to solve …
Insomni’Hack CTF 2017 offered a series of 3 challenges (i.e. 3 different flags) on the same binary, called bender_safe: bender_safe was a Reversing challenge (50 pts) to discover the correct validati…
TL;DR: It is possible to defeat stack canary protection when a binary is vulnerable to arbitrary file read. Intro First off, Happy New Year 2017 ✌ Recently, I’ve decided to thoroughly investigate the…
The reverse_box challenge of TWCTF 2016 was a warmup challenge (only 50 points), not really hard. There are plenty of writeups for it, but none of them used the technique I used to solve it in only a …
Info A few weeks ago, I came across a GitHub repository created by @5aelo for people wanting to have a bit of ARM fun. I had recently spent some time adding new features and perfecting old ones…
Info The vulnerable file was given with the following instructions: Guess what, it is a heap bug So yes, we’ll be dealing with some heap fun. gef➤ !file ./heapfun4u ./heapfun4u: ELF 64-bit LSB execu…
Info The vulnerable file was given with the instructions: Don't forget to feed me http://www.scs.stanford.edu/brop/ Here is some info given by gef: gef➤ !file ./feedme ./feedme: ELF 32-…
Info As usual, the vulnerable file is here gef➤ !file ./feap ./feap: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.…
I participated in HITB Teaser CTF only to have a bit of fun with their pwnable challenge(s), which I usually find fun and instructive. The teaser only offered one pwnable challenge, named bakery. Info …
Info gef➤ !file ./web_of_science ./web_of_science: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1…