Hacking TMNF: Part 2 - Exploiting a blind format string

Following up on the previous post, we will triage a crash to find the cause of a blind format string bug. We’ll take this bug from annoying crash all the way to RCE with a few neat tricks.

October 5, 2022 · 15 min

Hacking TMNF: Part 1 - Fuzzing the game server

The first of a two-part series. This part will cover how I set up a grammar fuzzer with LibAFL and Nautilus in order to fuzz the game server for Trackmania Nations Forever.

October 5, 2022 · 17 min

Gearboy - CSCG / CTC 2022

Pwning a Game Boy emulator with our very own 0day.

July 12, 2022 · 11 min

RaRCTF 2021 - Return of EmojiDB

A nice intro to heap challenges, featuring tcache and the unsortedbin.

August 21, 2021 · 9 min

CVE-2021-22204 - Recreating a critical bug in ExifTool, no Perl smarts required.

This writeup explains how to reverse engineer the security patch and craft an exploit for CVE-2021-22204, without any real Perl knowledge.

April 26, 2021 · 8 min

NahamConCTF 2021 - Zenith

In this challenge, we write a custom GTK module to elevate our privileges and gain root access.

March 14, 2021 · 4 min

ALLES!CTF 2020 - ALLES!Craft

This challenge has you route a Minecraft client through an in-game computer to hack an otherwise secure Minecraft server.

September 8, 2020 · 7 min