CTFs & Stuff

I just started the EXP-301 course from Offensive Security and didn’t much like any of the WinDbg cheat sheets I found. So I made my own that’s more relevant toContinue readingWinDbg Cheat Sheet

Even more information leaks and stack overwrites. This time with random libraries / evented programming styles :> … Continue readingExploit Education | Fusion | Level 05 Solution

Level04 introduces timing attacks, position independent executables (PIE), and stack smashing protection (SSP). Partial overwrites ahoy! … Continue readingExploit Education | Fusion | Level 04 Solution

This level introduces partial hash collisions (hashcash) and more stack corruption … Continue readingExploit Education | Fusion | Level 03 Solution

This level deals with some basic obfuscation / math stuff. This level introduces non-executable memory and return into libc / .text / return orientated programming (ROP) … Continue readingExploit Education | Fusion | Level 02 Solution

level00 with stack/heap/mmap aslr, without info leak :) … Continue readingExploit Education | Fusion | Level 01 Solution

This is a simple introduction to get you warmed up … Continue readingExploit Education | Fusion | Level 00 Solution

I’ll be working through the Fusion challenges and posting my solution to each level here. These challenges are a step above Phoenix. If you haven’t completed those, or don’t alreadyContinue readingExploit Education | Fusion | Setup

We’re back in ret2win territory, but this time without the useful gadgets. How will we populate the rdx register without a pop rdx? … Continue readingROP Emporium | ret2csu Solution

There’s only enough space for a three-link chain on the stack but you’ve been given space to stash a much larger ROP chain elsewhere. Learn how to pivot the stack onto a new location … Continue readingROP Emporium | pivot Solution