z0v3r1n's blog
blog/ about/
  3. Tags
  5. pwn

  • VolgaCTF Quals 2025 – pwn/babuin2

    Full chain challenge which has two parts: get userland code execution and then exploit a vulnerability within the custom piccall syscall handler!

    January 4, 2026
    35 min read
    pwn full-chain uaf kernel merge sort

  • Blackhat MEA CTF Final 2025 – pwn/stack-prelude

    Forcing recv() to return early by sending urg tcp packet!

    December 3, 2025
    13 min read
    pwn blackhat-mea

  • Blackhat MEA CTF Final 2025 – pwn/verifmt

    Leaking stack via partial format strings %*N$

    December 2, 2025
    10 min read
    pwn blackhat-mea

  • Buckeye 2025 – pwn/bashtille

    Abused the server misconfiguration in the user-namespace mapping which gave us effective root inside the container to escape chroot by using a exploit that chroots inside the chroot to escape the jail.

    November 9, 2025
    4 min read
    buckeye pwn

  • Introduction to file struct exploitation: openECSC 2025 – pwn/exitnction

    Exploiting file structs to execution using "_IO_wfile_seekoff" vtable

    October 14, 2025
    20 min read
    fsop pwn openECSC

  • CTF@AC 2025 – pwn/babybof

    Classic buffer overflow

    September 13, 2025
    2 min read
    ctf-ac pwn

  • CTF@AC 2025 – pwn/fini

    Hijacking .fini_array for a shell

    September 13, 2025
    3 min read
    pwn ctf-ac

  • FortiD CTF 2025 – pwn/protect-the-environment

    Abusing getenv() with repeated ROT13

    September 12, 2025
    3 min read
    pwn fortid

  • WatCTF F25 – pwn/Hex Editor Xtended v2

    Bypassing Path Checks by editing /proc/self/mem

    September 10, 2025
    3 min read
    pwn watctf

  • WatCTF 2025 – pwn/intro2pwn

    Classic Buffer Overflow

    September 10, 2025
    4 min read
    pwn bof watctf

  • WatCTF 2025 – pwn/person-tracker

    One Byte to Rule Them All

    September 10, 2025
    10 min read
    off-by-null pwn watctf
© 2026 z0v3r1n