MeePwnCTF 2018 Qual Re Image_Crackme

The program implements a simple image-processing routine. Since I only started learning Go binaries at CrossCTF, I spent a lot of time reversing the logic of the challenge.
Extra Heap Exploitation: House-of-Rabbit

In the recent HITB XCTF, this technique was used in one heap challenge. I think it is necessary to give a basic introduction to it, also as an extension of my tutorial on the largebin in ptmalloc.
The criteria for this exploitation technique are strict compared to other techniques, and it requires a lot of manual crafting to ensure the exploit succeeds. The advantage of this technique is that the exploitation no longer depends on knowing the base address of libc. But the advantage is limited, as we still need a known address in advance which can be repeatedly and reliably modified. Maybe the CTF community will find more potential in this technique in the future.
The original information about this technique can be found in [1]. My post is based on this blog.
In this post, I will talk about seccomp and ptrace step by step. The manual page of ptrace [6] is strongly recommended for this topic. The whole post is divided into 6 sections: (1) introduction to syscalls, (2) introduction to seccomp, (3) introduction to ptrace, (4) advanced ptrace, (5) seccomp filters and seccomp-tool, and (6) seccomp escape with ptrace.
I will give many code samples in the post, since I am a newbie in seccomp escape.
