Published onApril 29, 2024AOFCTF '24 - Pwn - Birdy101pwnaofctfcanaryTLSthreadingmaster-canaryOverwriting Master Canary in the TLS by overflowing a buffer stored in the Thread Stack in a threaded function.
Published onApril 29, 2024AOFCTF '24 - Pwn - NaughtypwnaofctfprintfbofUsing printf to first leak libc/pie, then overwriting a global variable which gives us a write primitive which is suspecitble to buffer overflow, then simple rop.
Published onApril 29, 2024AOFCTF '24 - Pwn - ROP101pwnaofctfsropUtilizing SROP to write to a buffer and then using read syscall to write 0xF into rax to call rt_sigreturn
Published onApril 29, 2024AOFCTF '24 - Pwn - Yip-Yippwnaofctfoff-by-oneUtilizing an Off-by-One error to overwrite the null-byte of string and keep printing the stack content until a nullbyte.
Published onMarch 14, 2024HTB - Cyber Apocalypse 2024 - Forensics - Game Invitationforensicshtbcyber-apocalypse24word-macrosExtracting a Word Macro, extracting an embedded hta/js code and finally extracting another powershell code that contains the flag.