前段时间还在惊讶福建为什么突然爆发疫情，转眼间哈尔滨也烂掉了。兰州聚会寄了，广州两周游也寄了，雅思寄了，GRE也寄了，只能在哈尔滨苦逼地记录一下招新赛2021出题概况与环境部署细节，看来出国壬需要具备较强的心理容错能力。

      今年上半年很荣幸能通过华为奇点二进制安全实验室的面试，并在暑假进行为期两月的实习。

CTF games have flourished in recent years. However, more GLIBC heap allocator exploit techiniques are becoming boring and meaningless, especially for games in China. Challenges are well-designed, deliberately constructed, leading to specific ways to solve them, which is actually further and further away from real world exploits. I started to aim more at Linux kernel memory allocator these days and gathered some imformation about Buddy System & SLUB hitherto.

Like user mode, there are also couples of ways of mitigation against exploits in Linux kernel. Here is a list of mitigation in kernel mode and methods to bypass some of them.

Refreshed by X1do0

prelude of the new theme demo babble

Congratulations to Kaztebin, ranked 1 in DEFCON CTF29 again.

It reminds me of my first ctf competition with Katzebin: hxp2020 [1]. There are some excellent challenges in this game which I missed out at that time, including some linux kernel exploitations. Recently I started to learn kernel pwn, and I think it’s time to solve these left challenges.

周末和学弟学妹一起打的一场比赛，比较基础，但涉及的知识面较广，有必要整理查漏补缺 url: https://ctftime.org/event/1397 rank 8 with lilac

• babystack: static link, find gadget to trigger your own syscall and ROP
• warmup: glibc2.32 (lastest version) tcache exploitation, xor bypass
• khop: basic linux kernel exploits, use-after-free and zero deference
• babymusl: musl libc heap exploits, unlink vulnerability and ROP
• suscall: basic linux kernel exploits, bugged syscall implemented by host
• trash: glibc2.32 off-by-null, trigger heap overlapping and double free
• Interpreter: virtual machine exploits, out-of-bound read and write

国内最受瞩目的比赛之一，拥有几乎最高的PWN/realworld赛题质量。

比赛时看了几道cold down, EXSI找到了洞但是不好复现…

• easy_go
• vmnote
• s2a
• 强网先锋
• EXSI (Real World)

rank 3 with AAA