tl;dr

• UAF in chess game, overwrite __malloc_hook to one_gadget

tl;dr

• The dump has some encrypted functions
• The encrypted bytes are being xorred with a 32 byte key
• Find the xor_key in the dump
• Use xor_key offset to find the offset of AES_key and iv
• AES_CBC decrypt to find flag

tl;dr

• Abusing a stack overflow on a RISC-V binary to then return to shellcode.

tl;dr

• overflow the char candle counter stored in the wax structure and trigger uaf.
• Use the uaf to trigger double free and get shell.

tl;dr

• Out-of bounds index write allows byte-by-byte overwrite of return address

tl;dr

• Carefully arranging structs on stack so as to overwrite saved rip , without corrupting the stack canary.
• Leak libc with puts and execute a ret2libc to get shell

tl;dr

• Challenge is a VM implemented over signals and ptrace
• Reverse Instruction types and implementation
• Use gdb scripting to find the executed code and get the pseudo VM code
• Find out the algorithm (Max triangle sum) from VM instructions
• Find an more optimized way to solve the problem (Or lazy solve it!).

tl;dr

• Challenge is a VM implemented over signals and ptrace
• Reverse Instruction types and implementation
• Use gdb scripting to find the executed code and get the pseudo VM code
• Reverse the VM functionality (Hill cipher) for flag and profit