Eight bytes to get a shell.

This will be a quick one. Last week was Hack.lu again. And again it was in the middle of the week. Nothing they can do about that, they say, and I believe them of course! Point being, I didn't have time to play properly; I only looked at one challenge. There was one little trick I liked and wanted to share.

Visualizing a single null-byte heap overflow exploitation

When Phantasmal Phantasmagoria wrote The Malloc Maleficarum back in 2005, he exposed several ways of gaining control of an exploitation through corruption of the internal state of the libc memory allocator. Ten years later, people are still exploring the possibilities offered by such complex data structures. In this article I will present how I solved a challenge from Plaid CTF 2015 and the tool I wrote in the process.

Giving Jekyll a shot

Hack.lu's OREO with ret2dl-resolve

Getting a shell on fruits - bkpctf 2014

A python's escape from PlaidCTF jail