Last week, I participated in hxp 2022, an esteemed CTF event, where I successfully tackled the pwn challenge “browser_insanity.” This captivating exploit required reading arbitrary files from the KolibriOS OS filesystem, pushing me to dive deep into KalibriOS browser vulnerabilities and hone my reverse engineering skills. DescriptionEver wanted to hack a tiny OS written in x86-32 assembly and C--? Me neither but it’s hxp CTF 2022. Give us the URL, the user in the KolibriOS VM will visit it.
This week was an exhilarating one as I had the opportunity to take part in the renowned Real World CTF 5th event. Among the various mind-bending challenges I encountered, one particularly intriguing puzzle called tinyvm caught my attention. This challenge involved delving into the realm of VM pwn, as we set out on a quest to successfully spawn a shell on a remote target. Here is my writeup for it.
As a programmer, it’s important to constantly challenge yourself and learn new things. One way to do this is by tackling a new programming language. Recently, I decided to take on the challenge of learning Rust by doing Advent of Code 2022. It is an annual programming challenge that consists of a series of small coding puzzles released daily during the month of December. It’s a great way to practice your skills and learn new techniques, and it’s a lot of fun (sometimes it is not true).
This is the first post on this blog. From time to time I will post here some writeups, finds or other nonsense.