Intro Fourchain - Hypervisor is a pwnable challenge created by Billy ( @st424204 ) for HITCON CTF 2022. It serves as the 4th stage of the Fourchain series – a VM Escape challenge which requires ch...
HITCON CTF 2022 -- Fourchain - Hypervisor
HITCON CTF 2022 -- Fourchain - Browser
Fourchain is a series of challenges created by me and Billy ( @st424204 ) for HITCON CTF 2022. The series consists of five pwnable challenges – Hole ( V8 pwn ), Sandbox ( Chromium sandbox escaping ...
Flare-on Challenge 2019 Write-up
Another year of the Flare-on challenge! As a guy who’s interested in reverse engineering, this is definitely a great chance for me to practice/sharpen my reversing skills! This year it has 12 challe...
Flare-on Challenge 2018 Write-up
Flare-on challenge is a Reverse-style CTF challenge created by the FireEye FLARE team. The CTF contains lots of interesting, real-world style reversing challenges ( e.g. de-obfuscating binary, malwa...
Some notes on migrating to Jekyll
Recently I’ve decided to migrate my blogging framework from Hexo to Jekyll. Here are some notes that I took for recording the migration process. Install Jekyll Here I created a Dockerfile for my...
Chakrazy -- exploiting type confusion bug in ChakraCore engine
Chakrazy is a browser CTF challenge created by team PPP for the 2017 PlaidCTF event. It’s a challenge based on Microsoft’s ChakraCore JavaScript engine. You can download the challenge file here. ...
Learning browser exploitation via 33C3 CTF feuerfuchs challenge
So I’ve been playing with browser exploitation recently, by studying some browser CTF challenges. So far I’ve tried qwn2own, SGX_Browser and feuerfuchs. qwn2own and SGX_Browser are both grea...
hxp CTF 2017 -- hardened_flag_store
Category: Pwnable 64 bit ELF with PIE, NX, FULL RELRO enabled The program will read a secret string from “secret.txt” and store the string address on the stack. Then it will use seccomp to create a...
MeePwn CTF 2017 -- Brainfuck 1 & 2
Category: Pwnable Both binaries are 64 bit ELF, No RELRO, No canary, PIE & NX enabled. Brainfuck1 The program is a simple brainfuck language interpreter: it reads input ( brainfuck code ), ...
MeePwn CTF 2017 -- anotherarena
Category: Pwnable 64 bit ELF, Partial RELRO, canary & NX enabled, No PIE. The program is a simple multi-threaded crackme program. First, the program will read the FLAG into a global buff...