| Web | GateCrash | SQL injection via CRLF injection | ⭐ |
| Web | Nexus Void | Dotnet deserialisation via SQL injection | ⭐⭐ |
| Web | PhantomFeed | Race condition via ReDoS, open redirect in Nuxt.js to perform CSRF and leak OAuth 2 access token, RCE in Reportlab | ⭐⭐⭐ |
| Pwn | Great Old Talisman | Overwrite exit@GOT with the address of the function that reads the flag | ⭐ |
| Pwn | Zombienator | Make 9 allocations and 8 frees to leak a libc address, abuse scanf("ld") to bypass the canary check, use pwntools struct to pack doubles, and perform a ret2libc attack with one gadget | ⭐⭐ |
| Pwn | Zombiedote | Leverage a single malloc call, an out-of-bounds read and two out-of-bounds writes to achieve code execution in glibc 2.34 | ⭐⭐⭐ |
| Reversing | WindowOfOpportunity | Reversing a simple flag checker algorithm | ⭐ |
| Reversing | BioBundle | Reversing a flag checker embedded in a library encrypted and loaded with memfd_create | ⭐⭐ |
| Reversing | RiseFromTheDead | Reversing a flag encoder then recovering a core dump to retrieve the flag | ⭐⭐⭐ |
| Forensics | One Step Closer | Windows JScript deobfuscation - Malware delivery - VBS debugging | ⭐ |
| Forensics | ZombieNet | OpenWrt firmware analysis - MIPS binary emulation using QEMU | ⭐⭐ |
| Forensics | Shadow of the Undead | Meterpreter parsing/decryption - custom Windows shellcode emulation | ⭐⭐⭐ |
| Crypto | MSS | Use CRT to get the entire secret on a Mignotte Secret Sharing scheme | ⭐ |
| Crypto | Mayday Mayday | Factor N by exploiting the partial leakage of the CRT components | ⭐⭐ |
| Crypto | Zombie Rolled | Solve a Diophantine equation to get the private key and apply LLL to recover the flag from the signature | ⭐⭐⭐ |