Miscellaneous
Selfie Memory
G-Bee-S
Big Phone
Musical Encounter
Maze Cup
The Cardmaster
web
Press Me If U Can
XSS Lab
Blog
Casin0ps
Game Boy
Game Boy Advance
Plotwist
Cryptography
The Emperor
Break My Stream
Key Exchange
CrypTopiaShell
n0psichu
Meago
Free n00psy
Pwn
pwnfield
Under Attack
Reverse Engineering
Read the Bytes!
LooneyDroid
pwntopiashl
VALidTOR
Invaders
Forensics
Unknown File
Moshy Moshy
A515
3v3ntl0g
Forensics & ...
Competition information
Challenge attachments
web
My First CTF
Topic tested: recognizing ROT1 encryption
Post-competition study
My Second CTF
Post-competition study
My Third CTF
Fuzzies
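Topics tested: level-by-level fuzzing technique, common knowledge of conventional API design
Notes from during the competition
Initial analysis
Directory fuzzing attempt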
api-admin
api-fuzzies
Post-competition study
api-users
fuzz user-id
fuzz user-features
(flag1)fuzz user-existence
(flag2)fuzz admin_passwd
Further exploring the admin backend
(flag3)fuzz message-id
(flag4)fuzz fuzzy-id
(flag5)fuzz
Summary
Miscellaneous
SSSH
Topics tested:
Notes from during the competition
Post-competition study
Malware
Verification Clarification
Topics tested:
Notes from during the competition
Post-competition study
Binary E ...
Sherlock Scenario
Q&A
Sherlock Scenario
A major incident has recently occurred at Forela. Approximately 20 GB
of data were stolen from internal s3 buckets and the attackers are now
extorting Forela. During the root cause analysis, an FTP server was
suspected to be the source of the attack. It was found that this server
was also compromised and some data was stolen, leading to further
compromises throughout the environment. You are provided with a minimal
PCAP file. Your ...
Sherlock Scenario
Q&A
1
2
3
4
5
6
7
8
Sherlock Scenario
In this very easy Sherlock, you will familiarize yourself with Unix
auth.log and wtmp logs. We’ll explore a scenario where a Confluence
server was brute-forced via its SSH service. After gaining access to the
server, the attacker performed additional activities, which we can track
using auth.log. Although auth.log is primarily used for brute-force
analysis, we will delve into the full potential of this ar ...
Description
Introduction
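What is the heap
Types of memory that exist in different forms
Differences between the heap and the stack
Lifetime
Alternatives to consider before discussing the heap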
mmap()
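A smarter approach: the emergence of dynamic memory allocators
Note
What the heap does
How the heap works
Tracing how the data segment is set up
Experiment: tracing heap initialization
Experiment: tracing the memory mappings before and after malloc() allocates dynamic memory
Experiment: tracing what happens when malloc() allocates a large amount of memory
Note
Heap risks
How to detect the risks
The tension between heap optimization and security
Causes of heap misuse
Risk: memory leak (Leak)
Risk: memory resource exhaustion
Risk: use after free
Experiment: Use After Free chunk reuse_Input
Risk: memory information disclosure (Disclosure)
The difference between Memory Leak and Memory Disclosure
Experiment: Use After Free chunk reuse_Output
Ultimate risk: heap metadata corruption
The House series of heap exploitation: overview
Overlapping memory allocations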
...
Description
Introduction
Description
The glibc heap consists of many distinct parts that
balance performance and security. Beyond tcache exists a
memory management system consisting of many interrelated bins and
components. This module explores these components and interactions
between them. By applying advanced heap exploits that “shape” the
internal state of the heap, exploitation primitives can be created. Heap
exploits are complex and ephemeral, frequently changing with libc
v ...
Competition information
Team ranking
Challenge attachments
web
Red This
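Knowledge tested: basic understanding of Redis
Ad hoc notes taken during the competition
First look at the page
Analyzing the architecture
Analyzing the routes
Analyzing the admin-related conditions
Analyzing the database
Analyzing the flag-related conditions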
getflag
Willy Wonka Web
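Knowledge tested: Apache reverse proxy, HTTP header injection
Ad hoc notes taken during the competition
First look at the page
Analyzing the architecture
Analyzing Express request handling
Analyzing the Apache configuration file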
Solved by 0xfun-dr.kasbr
forensics
Are You Looking Me Up?
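Knowledge tested: raw network log analysis, DNS protocol filter characteristics
Post-competition study
Filtering on protocol characteristics
Sorting and counting the data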
Mine Over Matter
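Post-competition study
Summary of the approach
Deciding on a data storage scheme
Extracting the target IPs
Filtering out potential mining pools by reverse resolution
Solving the DNS pollution problem caused by Clash TUN
Filtering mining pool domain names
Locating the miner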
exp
Wimdows 1
pwn
Mi ...
ASCII
solution
Hex
solution
Base64
solution
Bytes and Big Integers
solution
XOR Starter
solution
XOR Properties
solution
Favourite byte
solution
ASCII
ASCII is a 7-bit encoding standard which allows the representation of
text using the integers 0-127.
Using the below integer array, convert the numbers to their
corresponding ASCII characters to obtain a flag.