tl;dr

• Heap Overflow in glob function while handling Tilde operator.
• Abuse null byte overflow to gain RCE.

tl;dr

• Use the integer overflow to trigger a kernel heap overflow.
• Use the heap overflow to overwrite tty structure function pointers to get code execution.

tl;dr

• Extract creation timestamp of a note from Google Keep Notes.
• Finding location, date & time from Slack Messages.
• Extract no. of tasks completed and created from Google Tasks.
• Finding secret code from Google Docs cache.
• Extract first opened timestamp of a Game.

tl;dr

• Extract User ID and Workspace ID of the Slack workspace participating.
• Extract the first & last 3 characters of text from the Anydesk Remote connected PC’s thumbnail wallpaper.
• Extract the type of filesystem of the USBs connected to the system.
• Extracting active duration of Voice Modulator application used by parsing Windows Activity timeline.

tl;dr

• Finding default browser and the top visited website.
• Extract timestamp, ID, Hostname of the TeamViewer FileTransfer session.

tl;dr

• Finding Chat application
• Extract unread message count from NTUSER.dat.
• Extract the last executed timestamp of the chat application.
• Extract the Version of the chat application.

tl;dr

• Notepad 1 - Use Set-Cookie header to get XSS on the Admin
• Notepad 1.5 - CRLF on the name parameter of Golang’s Header().Set() method
• Notepad 2 - Xsleaks using Timing-Allow-Origin header

tl;dr

• Jemalloc heap challenge
• A buggy implementation of strncat in merge allows for an overwrite onto the next region

tl;dr

• /source to get the source
• Access local host from dev_test using SSRF
• SQLI to get the flag path a nd LFI to get the flag

tl;dr

• Arbitrary type confusion in DFG JIT
• Bug eliminates a single CheckStructure node