Writeups

Srdnlen 2025 - Snowstorm

Interesting pwn challenge regarding the exploitation of a simple stack BOF.

January 21, 2025 · leo_something & Lotus · 0 views
bof stack pivoting

Srdnlen 2025 - Kinderheim 511

Heap challenge with the goal of achieving arbitrary write to read the flag from the heap.

January 21, 2025 · leo_something & Lotus · 0 views
heap

CTE24 - DiDUP

This is an hard pwn challenge I wrote for Compete Against TeamEurope, this CTF was part of the training for ECSC2024. The vulnerability is a double-free triggerable through a race condition. No bruteforce is needed.

September 16, 2024 · leo_something · 0 views
heap race condition

UIUCTF24 - Pwnymalloc

Pwnymalloc is a nice custom allocator challenge from UIUCTF 2024. The vulnerability was about an incorrect handling of the prev_size during consolitation.

July 8, 2024 · leo_something · 0 views
heap custom allocator

CodegateJunior24 - Baby Heap

Heap challenge from the Codegate quals for juniors of 2024. The vulnerability was an heap overflow that enabled an attacker to gain overlapping chunks, therefore arb read and write.

June 3, 2024 · leo_something · 0 views
heap

OpenECSC Round 3 - Log4x86

This challenge comes from the 3rd round of openECSC 2024. The challenge was really really interesting: the exploitation tecnique involved a buffer overflow through a really short format string vulnerability.

May 25, 2024 · leo_something · 0 views
format string bof