/ Recent content in Home on phakeobj Hugo -- gohugo.io en-us Tue, 20 Jul 2021 15:11:14 +0000 /posts/googlectf-2021-compress/ Tue, 20 Jul 2021 15:11:14 +0000 /posts/googlectf-2021-compress/ My friend developed a custom compression algorithm, but doesn’t want to share the format documentation. He keeps it on his demo server - why don’t you try to steal it? Reconnaissance The challenge zip file consisted a single binary executable file called compress. we started off conservatively, by running checksec to understand what are we dealing with here. phakeobj@localbox:~/ctf/google-2021/compress$checksec compress [*] '/home/phakeobj/ctf/google-2021/compress/compress' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled FORTIFY: Enabled After getting to know the security properties of the executable, we played around with it, in hope to get some understanding of the functionality and where would it make sense to find a bug. /posts/gigacage/ Sun, 25 Aug 2019 16:13:30 +0300 /posts/gigacage/ A WebKit Exploit Mitigation Technique