Following up on the previous post, we will triage a crash to find the cause of a blind format string bug. We’ll take this bug from annoying crash all the way to RCE with a few neat tricks.
The first of a two-part series. This part will cover how I set up a grammar fuzzer with LibAFL and Nautilus in order to fuzz the game server for Trackmania Nations Forever.
Pwning a Game Boy emulator with our very own 0day.
A nice intro to heap challenges, featuring tchache and the unsortedbin.
This writeup explains how to reverse engineer the security patch and craft an exploit for CVE-2021-22204, without any real Perl knowledge.
In this challenge, we write a custom GTK module to elevate our privileges and gain root access.
This challenge has you rout a minecraft client though an in-game computer to hack an otherwise secure minecraft server.