Blog Posts

⬝ TISC 2024 Challenge Writeups

Hello, it's been a while! I played in the TISC 2024 CTF, ending up in third place. Overall the quality of the challenges was alright, but there were some guessy challenges (6 to some extent and especially 10) that soured the experience somewhat for me. I solved 11 challenges and had a working solution for the 12th challenge locally but did not have the time to tune the kernel race for the server.

All in all, I think the most interesting challenge was 11 (an escape from the patched Verona sandbox), but ultimately it did not end up really touching any significant details of the allocator or the sandbox (my understanding was that it was heavily nerfed - I would be quite interested in what the original challenge was like). I also thought that 12 was a decent way to learn some Linux kernel pwn, as that is not something that I have touched very much. Regardless, here are my writeups:

⬝ Flare-On 10

Wow, it's been over a year now! Flare-On 10 (a reverse engineering challenge organized by Mandiant (well, now Google-Mandiant)) just finished a few weeks ago and as promised, it is probably the most challenging Flare-On so far. I finished 18th out of ~4500 globally (with a little bit of good luck!) which made me pretty happy :3

⬝ A Fastbin Dup Subtlety

The venerable fastbin dup attack is one of several ways to abuse the standard glibc malloc allocator that has been around for pretty much forever. By utilising a double free, an attacker is able to coerce the allocator into returning a (mostly) arbitrary chunk. After years of updates, it has not changed much.

Recently I had been looking at a CTF problem and found that the fastbin attack has an interesting subtlety due to interactions with the tcache, which allows for a marginally better primitive.

Mostly, I just thought it was funny!

⬝ DEFCON Quals '23: Opacity Writeup

This year I played in Defcon Quals with a small team. We did not qualify but it was still quite fun. Generally the challenges were of pretty high quality and were really interesting, so kudos to Nautilus Institute for pulling off a great CTF!

I personally ended up solving one reversing challenge during the CTF (kkkkklik) and finished Opacity a little bit after the end of the CTF. I was extremely close on the solution but unfortunately due to tiredness I had made some small mistakes and couldn't figure out how to correctly complete the challenge. That said, this is an extremely cool challenge and deserves a writeup!

TLDR: :explodingdog:

⬝ I'm not dead! Just busy

I haven't posted for a while, as I've been taking the last few months to spend time on studying for some professional certifications instead of reading math. As of a few days ago, I am now officially cattified certified!

Since then I have restarted reading Rudin from where I left off, so expect more blog posts (and more art??) soon!

⬝ Papa Rudin Chapter 9

Notes on Chapter 9 (Fourier Transforms) of Walter Rudin's Real and Complex Analysis. This is the last chapter of the real analysis portion of the book! meery crimskats!

⬝ Papa Rudin Chapter 8

Notes on Chapter 8 (Integration on Product Spaces) of Walter Rudin's Real and Complex Analysis.

⬝ Papa Rudin Chapter 7

Notes on Chapter 7 (Differentiation) of Walter Rudin's Real and Complex Analysis. I tried to actually section this out properly this time! Long chapter!

⬝ Papa Rudin Chapter 6

Notes on Chapter 6 (Complex Measures) of Walter Rudin's Real and Complex Analysis. Happy December!

⬝ Papa Rudin Chapter 5

Notes on Chapter 5 (Examples of Banach Space Techniques) of Walter Rudin's Real and Complex Analysis.
