Posts
Pwning VMware, Part 2: ZDI-19-421, a UHCI bug
Though we’re now almost to March, I’m still spending my free time working though VMware pwning as part of my 2019 advent calendar. I’d given myself 3 VMware challenges to look at, including one CTF challenge from Real World CTF Finals in 2018, and two n-days that were originally used at reported at Pwn2Own by Fluoroacetate. My previous post covered the RWCTF challenge, so now it’s time to play around with some thing more… real world :)
Pwning VMWare, Part 1: RWCTF 2018 Station-Escape
Since December rolled around, I have been working on pwnables related to VMware breakouts as part of my advent calendar for 2019. Advent calendars are a fun way to get motivated to get familiar with a target you’re always putting off, and I had a lot of success learning about V8 with my calendar from last year.
There and Back Again: HITCON 2018's Super Hexagon
One of the most interesting and unique CTF challenges I’ve seen over the past year was the “Super Hexagon” challenge from HITCON 2018. The challenge is unlike any other in several ways. A single bios.bin is distributed to the player that contains six (!) different levels to pwn, spread across all current exception levels, and involving both armv7 and aarch64 execution.
advent-browserpwn 2018
Last December (2018), I created an advent calendar on the Japanese site adventar.org after seeing some Japanese CTFers creating a PWN-focused calendar there.
subscribe via RSS