Post List

Vulnerability Analysis

Analysis on CVE-2017-14489
Analysis on CVE-2016-9793
Analysis on CVE-2013-2551

Academic Paper

[CCS2017] Semfuzz: Semantics-based automatic generation of proof-of-concepts exploits
[CCS2017] The Dynamics of Innocent Flesh on The Bone: Code Reuse Ten Years Later
[CCS2015] Per-Input Control Flow Integrity
[USENIX2014] Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
CFIXX: Object Type Integrity for C++

CTF Challenge

[2017-08-26] HITB XCTF 2017 PWN 1000level Write-up
[2017-08-26] HITB XCTF 2017 PWN Sentosa Write-up
[2017-08-29] HITB XCTF 2017 PWN Simplefmt Write-up
[2017-10-13] CSAW CTF 2017 Qual PWN Zone Write-up
[2017-11-01] TokyoWestern CTF 2017 Quals PWN ASCII ART Write-up
[2017-11-10] GOOGLE CTF 2017 Quals PWN CFI Write-up
[2017-11-24] TokyoWestern CTF 2017 Quals PWN SIMPLE NOTE1 Write-up
[2017-11-29] CodeBlue CTF 2017 PWN NONAMESTILL Write-up
[2017-12-04] Hack.Lu CTF 2014 PWN Oreo Write-up
[2017-12-09] CodeBlue CTF 2017 PWN DEMOSCENEDB Write-up (House of Mind; appears to be incorrect as of now)
[2017-12-11] 0CTF 2017 Quals PWN Babyheap Write-up
[2017-12-13] HITCON 2016 Quals PWN House-of-Orange Write-up
[2017-12-14] 0CTF 2016 Quals PWN Zerostorage Write-up
[2017-12-16] HITCON 2017 Quals PWN Ghost-in-The-Heap Write-up
[2017-12-27] X-MAS CTF 2017 PWN Bookstore Write-up
[2017-12-30] 34C3 CTF PWN SimpleGC Write-up
[2017-12-30] 34C3 CTF PWN Readme-revenge Write-up
[2018-01-15] SECCON CTF 2017 Online Candy Store Write-up
[2018-01-19] CodeBlue CTF 2017 PWN DEMOSCENEDB Write-up (House of Lore)
[2018-01-22] 0CTF 2017 Quals PWN EasiestPrintf Write-up
[2018-01-26] HITCON 2015 Quals PWN BlinkRoot Write-up

Tutorial

Exploit Tutorial Plan (the flag has been raised)
Series 1 Lecture 01: ELF file format and Dynamic Link
Series 1 Lecture 02: Virtual Function and Virtual Function Call Hijacking
Series 1 Lecture 03: Shellcode, Stack Buffer Overflow and Return Oriented Programming
Series 2 Lecture 01: Ptmalloc Introduction: Memory Management and Malloc Internal
Series 2 Lecture 02: Ptmalloc Introduction: Free/Realloc Internal and Security Checks
Series 3 Lecture 01: Heap Exploitation: House of Spirit and House of Force
Series 3 Lecture 02: Heap Exploitation: Unsafe unlink and Fastbin Corruption
Series 4 Lecture 01: Advanced Heap Exploitation: Unsorted bin attack and Overlapping chunk
Series 4 Lecture 02: Advanced Heap Exploitation: File Stream Oriented Programming
Series 4 Lecture 03: Advanced Heap Exploitation: House of Mind and House of Orange
New exploitation tutorial plan
Extra Heap Exploitation 1: House of Lore
Extra Heap Exploitation 2: TCache and Potential Exploitation
Extra Exploitation Technique 1: _dl_open
Extra Exploitation Technique 2: Implicit Malloc and Free in glibc
Extra Exploitation Technique 3: Return-to-dl_resolve