CTF

My friends built me a custom CTF for my 26th birthday. It had QR codes hidden in birthday cards, physical flags at ETH, and an ESP32 “rowhammer” challenge. A tale of caffeine addiction and hardware security trauma.

A writeup about exploiting an image converter service through path traversal and multiprocessing pickle deserialization. The solution required crafting a polyglot file that’s both a valid BMP image and a malicious pickle payload to achieve RCE.

A writeup for EPFL CS412’s HEAP-MEANU challenge involving heap exploitation through one-byte overflow and constrained brute-force reading. Despite full protections and modern libc 2.39, achieved RCE using a House of Spirits like attack.