
Recruitment Contest 2021: Problem-Setting Summary (Personal Notes)

Not long ago I was still wondering why Fujian had a sudden outbreak, and in the blink of an eye Harbin fell apart too. The Lanzhou get-together is gone, the two-week Guangzhou trip is gone, IELTS is gone, and the GRE is gone too, so all I can do is sit miserably in Harbin and write down an overview of the problem setting for Recruitment Contest 2021 and the details of the environment deployment. It seems anyone planning to study abroad needs a high tolerance for psychological setbacks.

SLUB & Buddy System in Linux Kernel

CTF games have flourished in recent years. However, more and more GLIBC heap allocator exploit techniques are becoming boring and meaningless, especially in games in China. Challenges are well-designed and deliberately constructed, leading to specific ways to solve them, which is actually further and further away from real-world exploits. I started to aim more at the Linux kernel memory allocator these days and have gathered some information about the Buddy System & SLUB so far.

Linux Kernel Mitigation & Bypass

As in user mode, there are a number of mitigations against exploits in the Linux kernel. Here is a list of kernel-mode mitigations and methods to bypass some of them.

Hxp2020

Congratulations to Katzebin, ranked first in DEFCON CTF29 again.

It reminds me of my first CTF competition with Katzebin: hxp2020 [1]. There are some excellent challenges in this game which I missed at the time, including some Linux kernel exploitation challenges. Recently I started to learn kernel pwn, and I think it's time to solve these remaining challenges.

BSides Noida CTF 2021

A contest I played over the weekend together with junior students. Fairly basic, but it covers a broad range of topics, so it is worth going over to fill in the gaps. URL: https://ctftime.org/event/1397. Rank 8 with lilac.

  • babystack: static link, find gadgets to trigger your own syscall and ROP
  • warmup: glibc 2.32 (latest version) tcache exploitation, XOR bypass
  • khop: basic Linux kernel exploits, use-after-free and NULL dereference
  • babymusl: musl libc heap exploits, unlink vulnerability and ROP
  • suscall: basic Linux kernel exploits, a bugged syscall implemented by the host
  • trash: glibc 2.32 off-by-null, trigger heap overlapping and double free
  • Interpreter: virtual machine exploits, out-of-bounds read and write

Qwb final 2021

One of the most closely watched competitions in China, with just about the highest quality of PWN/real-world challenges.

During the contest I looked at a few challenges as a cool-down; for EXSI I found the bug, but it was hard to reproduce…

  • easy_go
  • vmnote
  • s2a
  • 强网先锋
  • EXSI (Real World)

rank 3 with AAA