{"version":1,"pages":[{"id":"-MEwBXG9hxvPkYAFLouP","title":"Cybersecurity Notes","pathname":"/notes","siteSpaceId":"sitesp_CH9l1","description":""},{"id":"-MEwMV9uXmzvIUZUtg_i","title":"Stack","pathname":"/notes/binexp/stack","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"}]},{"id":"-MEwMV9v90er52Gv3TQV","title":"Introduction","pathname":"/notes/binexp/stack/introduction","siteSpaceId":"sitesp_CH9l1","description":"An introduction to binary exploitation","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MEwluiBDL6OBprVL_i8","title":"ret2win","pathname":"/notes/binexp/stack/ret2win","siteSpaceId":"sitesp_CH9l1","description":"The most basic binexp challenge","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MExkm7k1OtljlWdhxgU","title":"De Bruijn Sequences","pathname":"/notes/binexp/stack/de-bruijn-sequences","siteSpaceId":"sitesp_CH9l1","description":"The better way to calculate offsets","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MEwMV9wHQlbmOaF0KCm","title":"Shellcode","pathname":"/notes/binexp/stack/shellcode","siteSpaceId":"sitesp_CH9l1","description":"Running your own code","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MExkyVhxMxDam6kz_WJ","title":"NOPs","pathname":"/notes/binexp/stack/nops","siteSpaceId":"sitesp_CH9l1","description":"More reliable shellcode exploits","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MF09vbybut3nwfIrZsa","title":"32- vs 64-bit","pathname":"/notes/binexp/stack/32-vs-64-bit","siteSpaceId":"sitesp_CH9l1","description":"The differences between the sizes","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MF0BxdYDW5zZIIbn2R6","title":"No eXecute","pathname":"/notes/binexp/stack/no-execute","siteSpaceId":"sitesp_CH9l1","description":"The defence against shellcode","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MF0BtVF8FjdxaCH4szk","title":"Return-Oriented Programming","pathname":"/notes/binexp/stack/return-oriented-programming","siteSpaceId":"sitesp_CH9l1","description":"Bypassing NX","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MFAJYxxkgeMgE_HnQl_","title":"Calling Conventions","pathname":"/notes/binexp/stack/return-oriented-programming/calling-conventions","siteSpaceId":"sitesp_CH9l1","description":"A more in-depth look into parameters for 32-bit and 64-bit programs","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Return-Oriented Programming"}]},{"id":"-MFAcqFeZh730M50CdgO","title":"Gadgets","pathname":"/notes/binexp/stack/return-oriented-programming/gadgets","siteSpaceId":"sitesp_CH9l1","description":"Controlling execution with snippets of code","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Return-Oriented Programming"}]},{"id":"-MFAQ8iyE5WKy_a8IOjM","title":"Exploiting Calling Conventions","pathname":"/notes/binexp/stack/return-oriented-programming/exploiting-calling-conventions","siteSpaceId":"sitesp_CH9l1","description":"Utilising Calling Conventions","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Return-Oriented Programming"}]},{"id":"-MFA_NaPIa_hBnDE0f8s","title":"ret2libc/ret2system","pathname":"/notes/binexp/stack/return-oriented-programming/ret2libc","siteSpaceId":"sitesp_CH9l1","description":"The standard ROP exploit","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Return-Oriented Programming"}]},{"id":"nkFrsFXYrnHEO28vyfp8","title":"Stack Alignment","pathname":"/notes/binexp/stack/return-oriented-programming/stack-alignment","siteSpaceId":"sitesp_CH9l1","description":"A minor issue","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Return-Oriented Programming"}]},{"id":"-MFFD0EV44u4_qVA72vH","title":"Format String Bug","pathname":"/notes/binexp/stack/format-string","siteSpaceId":"sitesp_CH9l1","description":"Reading memory off the stack","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MFFE3TLJIbrBZ1CXHGr","title":"Stack Canaries","pathname":"/notes/binexp/stack/canaries","siteSpaceId":"sitesp_CH9l1","description":"The Buffer Overflow defence","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MFFD7nnYFMlzvBfW2IJ","title":"PIE","pathname":"/notes/binexp/stack/pie","siteSpaceId":"sitesp_CH9l1","description":"Position Independent Code","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MG9TG_GA999FkGd97S0","title":"Pwntools, PIE and ROP","pathname":"/notes/binexp/stack/pie/pwntools-pie-and-rop","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"PIE"}]},{"id":"-MG9Ye7q95CMAjcB9G56","title":"PIE Bypass with Given Leak","pathname":"/notes/binexp/stack/pie/pie-exploit","siteSpaceId":"sitesp_CH9l1","description":"Exploiting PIE with a given leak","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"PIE"}]},{"id":"-MGEuCK3dv6_aChmTYS8","title":"PIE Bypass","pathname":"/notes/binexp/stack/pie/pie-bypass","siteSpaceId":"sitesp_CH9l1","description":"Using format string","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"PIE"}]},{"id":"-MFFD4yYNbNF6ZmPgraA","title":"ASLR","pathname":"/notes/binexp/stack/aslr","siteSpaceId":"sitesp_CH9l1","description":"Address Space Layout Randomisation","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MGITcrBmafIhzJ8zONE","title":"ASLR Bypass with Given Leak","pathname":"/notes/binexp/stack/aslr/aslr-bypass-with-given-leak","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"ASLR"}]},{"id":"-MEwMV9xiDACH1bDkxlk","title":"PLT and GOT","pathname":"/notes/binexp/stack/aslr/plt_and_got","siteSpaceId":"sitesp_CH9l1","description":"Bypassing ASLR","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"ASLR"}]},{"id":"-MGIZtGplwjdPxowBTda","title":"ret2plt ASLR bypass","pathname":"/notes/binexp/stack/aslr/ret2plt-aslr-bypass","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"ASLR"}]},{"id":"w8ZhtngnCWoWCjpKeQfO","title":"Virtual Addresses and Virtual Memory","pathname":"/notes/binexp/stack/virtual-addresses-and-virtual-memory","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MGNXIn87s00oY0kjsDv","title":"GOT Overwrite","pathname":"/notes/binexp/stack/got-overwrite","siteSpaceId":"sitesp_CH9l1","description":"Hijacking functions","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MGd_7N2CqTz0qqRS4Xg","title":"Exploiting a GOT overwrite","pathname":"/notes/binexp/stack/got-overwrite/exploiting-a-got-overwrite","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"GOT Overwrite"}]},{"id":"-MGdUL_IjxvKLvKzaP_u","title":"RELRO","pathname":"/notes/binexp/stack/relro","siteSpaceId":"sitesp_CH9l1","description":"Relocation Read-Only","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MGdVwo4A9eOKv-igtSX","title":"Reliable Shellcode","pathname":"/notes/binexp/stack/reliable-shellcode","siteSpaceId":"sitesp_CH9l1","description":"Shellcode, but without the guesswork","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MGds4zsHmUzLPpfB-Px","title":"ROP and Shellcode","pathname":"/notes/binexp/stack/reliable-shellcode/rop-and-shellcode","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Reliable Shellcode"}]},{"id":"-MGhftHddu_mY8nYHNAp","title":"Using RSP","pathname":"/notes/binexp/stack/reliable-shellcode/using-rsp","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Reliable Shellcode"}]},{"id":"-MGdVSlRl14CTL7pAGtL","title":"ret2reg","pathname":"/notes/binexp/stack/reliable-shellcode/ret2reg","siteSpaceId":"sitesp_CH9l1","description":"Using Registers to bypass ASLR","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Reliable Shellcode"}]},{"id":"-MPEOABa7B_tLeQByL-B","title":"Using ret2reg","pathname":"/notes/binexp/stack/reliable-shellcode/ret2reg/using-ret2reg","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Reliable Shellcode"},{"label":"ret2reg"}]},{"id":"-MGdUNPANxmriJFYcCmM","title":"One Gadgets and Malloc Hook","pathname":"/notes/binexp/stack/one-gadgets-and-malloc-hook","siteSpaceId":"sitesp_CH9l1","description":"Quick shells and pointers","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MP6V0U3O21b4iO42_hp","title":"Syscalls","pathname":"/notes/binexp/stack/syscalls","siteSpaceId":"sitesp_CH9l1","description":"Interfacing directly with the kernel","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MP6Xqy9uIUFoIxmoPXM","title":"Exploitation with Syscalls","pathname":"/notes/binexp/stack/syscalls/exploitation-with-syscalls","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Syscalls"}]},{"id":"-MGdVNEdzeLjZyKvlWMN","title":"Sigreturn-Oriented Programming (SROP)","pathname":"/notes/binexp/stack/syscalls/sigreturn-oriented-programming-srop","siteSpaceId":"sitesp_CH9l1","description":"Controlling all registers at once","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Syscalls"}]},{"id":"-MP6_iZIPY3b-waEU5sG","title":"Using SROP","pathname":"/notes/binexp/stack/syscalls/sigreturn-oriented-programming-srop/using-srop","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Syscalls"},{"label":"Sigreturn-Oriented Programming (SROP)"}]},{"id":"-MP6U12IQDlC6hBFXnCK","title":"ret2dlresolve","pathname":"/notes/binexp/stack/ret2dlresolve","siteSpaceId":"sitesp_CH9l1","description":"Resolving our own libc functions","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MPAmfnS62rS4jClJeAy","title":"Exploitation","pathname":"/notes/binexp/stack/ret2dlresolve/exploitation","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"ret2dlresolve"}]},{"id":"-MGdVL0jACy0RG8rCcL6","title":"ret2csu","pathname":"/notes/binexp/stack/ret2csu","siteSpaceId":"sitesp_CH9l1","description":"Controlling registers when gadgets are lacking","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MPEoINlArB1QuEKSIuX","title":"Exploitation","pathname":"/notes/binexp/stack/ret2csu/exploitation","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"ret2csu"}]},{"id":"Ycd8yPkQWHfmskCcrucq","title":"CSU Hardening","pathname":"/notes/binexp/stack/ret2csu/csu-hardening","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"ret2csu"}]},{"id":"-MPETuXtwM5F9OLWHi-G","title":"Exploiting over Sockets","pathname":"/notes/binexp/stack/exploiting-over-sockets","siteSpaceId":"sitesp_CH9l1","description":"File Descriptors and Sockets","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MPYuLRkWdMLvbVKXSII","title":"Exploit","pathname":"/notes/binexp/stack/exploiting-over-sockets/exploit","siteSpaceId":"sitesp_CH9l1","description":"Duplicating the Descriptors","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Exploiting over Sockets"}]},{"id":"-MPZGnR4l9Si2_u5yFqa","title":"Socat","pathname":"/notes/binexp/stack/exploiting-over-sockets/socat","siteSpaceId":"sitesp_CH9l1","description":"More on socat","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Exploiting over Sockets"}]},{"id":"-MPETxvuR2LUZ9JHN568","title":"Forking Processes","pathname":"/notes/binexp/stack/forking-processes","siteSpaceId":"sitesp_CH9l1","description":"Flaws with fork()","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MPZtTF07AxI4zHTBsQY","title":"Stack Pivoting","pathname":"/notes/binexp/stack/stack-pivoting","siteSpaceId":"sitesp_CH9l1","description":"Lack of space for ROP","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MPneRQEhEm_EkQKb09h","title":"Exploitation","pathname":"/notes/binexp/stack/stack-pivoting/exploitation","siteSpaceId":"sitesp_CH9l1","description":"Stack Pivoting","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Stack Pivoting"}]},{"id":"-MPnehmyvbf6y8vEPcXg","title":"pop rsp","pathname":"/notes/binexp/stack/stack-pivoting/exploitation/pop-rsp","siteSpaceId":"sitesp_CH9l1","description":"Using a pop rsp gadget to stack pivot","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Stack Pivoting"},{"label":"Exploitation"}]},{"id":"-MPoBYxZ8Ky3THRUj31s","title":"leave","pathname":"/notes/binexp/stack/stack-pivoting/exploitation/leave","siteSpaceId":"sitesp_CH9l1","description":"Using leave; ret to stack pivot","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"},{"label":"Stack Pivoting"},{"label":"Exploitation"}]},{"id":"88xvWHwE94cCezDsiFrr","title":"Pointer Authentication","pathname":"/notes/binexp/stack/pointer-authentication","siteSpaceId":"sitesp_CH9l1","description":"An Arm hardware protection to combat ROP","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"7l27XZKbFP33qlnHzUUw","title":"Memory Tagging Extension (MTE)","pathname":"/notes/binexp/stack/memory-tagging-extension-mte","siteSpaceId":"sitesp_CH9l1","description":"Arm's MTE Hardware Protection","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"CwtOAby5MalzoNnwhdxw","title":"Memory Integrity Enforcement","pathname":"/notes/binexp/stack/memory-integrity-enforcement","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Stack"}]},{"id":"-MGSSdWj2YOl0jcGJ9fJ","title":"Heap","pathname":"/notes/binexp/heap","siteSpaceId":"sitesp_CH9l1","description":"Still learning :)","breadcrumbs":[{"label":"Binary Exploitation"}]},{"id":"-MJIsVOZY-drXgLqbBqr","title":"Introduction to the Heap","pathname":"/notes/binexp/heap/introduction-to-the-heap","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"-MK9CfruomQLslmTDrSY","title":"Chunks","pathname":"/notes/binexp/heap/chunks","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"-MJMdCFP3VphbbO4jj7R","title":"Freeing Chunks and the Bins","pathname":"/notes/binexp/heap/bins","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"8Y5GfcSebPImqDwZiVH5","title":"Operations of the Fastbin","pathname":"/notes/binexp/heap/bins/operations-of-the-fastbin","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"Freeing Chunks and the Bins"}]},{"id":"-MJNPnZgvzDlfXIoP2wl","title":"Operations of the Other Bins","pathname":"/notes/binexp/heap/bins/chunk-allocation-and-reallocation","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"Freeing Chunks and the Bins"}]},{"id":"ldIhlZQRTxHIWnDMcsts","title":"The Top Chunk and Remainder","pathname":"/notes/binexp/heap/the-top-chunk-and-remainder","siteSpaceId":"sitesp_CH9l1","description":"Creating more heap space","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"0fLviwzDQA8QmlM7Rj0c","title":"Malloc State","pathname":"/notes/binexp/heap/malloc-state","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"SdlKsOdPr9R7yfvSXhaZ","title":"malloc_consolidate()","pathname":"/notes/binexp/heap/malloc_consolidate","siteSpaceId":"sitesp_CH9l1","description":"Consolidating fastbins","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"-MJN0JfkoZItZZoDzl84","title":"Heap Overflow","pathname":"/notes/binexp/heap/heap-overflow","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"-MGSSzbtPTOdMuOO-RDu","title":"heap0","pathname":"/notes/binexp/heap/heap-overflow/heap0","siteSpaceId":"sitesp_CH9l1","description":"http://exploit.education/phoenix/heap-zero/","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"Heap Overflow"}]},{"id":"-MGXr0L8XFvcmCL4WN5m","title":"heap1","pathname":"/notes/binexp/heap/heap-overflow/heap1","siteSpaceId":"sitesp_CH9l1","description":"http://exploit.education/phoenix/heap-one/","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"Heap Overflow"}]},{"id":"-MJN1EY4AIo1Tr7qxEmu","title":"Use-After-Free","pathname":"/notes/binexp/heap/use-after-free","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"-MK9TTd6NQRN87bTmW_r","title":"Double-Free","pathname":"/notes/binexp/heap/double-free","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"-MK9YeWVYECqHbuE45yx","title":"Double-Free Protections","pathname":"/notes/binexp/heap/double-free/double-free-protections","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"Double-Free"}]},{"id":"-MNUyFU3IiJW8hfcU4pC","title":"Double-Free Exploit","pathname":"/notes/binexp/heap/double-free/double-free-exploit","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"Double-Free"}]},{"id":"-MKzBLt-uAzLTUAYUeHg","title":"Unlink Exploit","pathname":"/notes/binexp/heap/unlink-exploit","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"BzYdrktoakrNt1EvTBTe","title":"The Tcache","pathname":"/notes/binexp/heap/the-tcache","siteSpaceId":"sitesp_CH9l1","description":"New and efficient heap management","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"byi5NC9FHe5s79ruPrM4","title":"Tcache: calloc()","pathname":"/notes/binexp/heap/the-tcache/tcache-calloc","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"The Tcache"}]},{"id":"ru6mMsOBfNN2G1Ktf170","title":"Tcache Poisoning","pathname":"/notes/binexp/heap/the-tcache/tcache-poisoning","siteSpaceId":"sitesp_CH9l1","description":"Reintroducing double-frees","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"The Tcache"}]},{"id":"Xm21KvIwlGGEIdR8djcY","title":"The Malloc Maleficarum","pathname":"/notes/binexp/heap/the-malloc-maleficarum","siteSpaceId":"sitesp_CH9l1","description":"The first heap exploits","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"czBohfyBsH5gV0MeaKKp","title":"The House of Force","pathname":"/notes/binexp/heap/the-malloc-maleficarum/the-house-of-force","siteSpaceId":"sitesp_CH9l1","description":"Exploiting the wilderness","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"},{"label":"The Malloc Maleficarum"}]},{"id":"Q42IWuBEDTc4iz9Z7tns","title":"Tcache Keys","pathname":"/notes/binexp/heap/tcache-keys","siteSpaceId":"sitesp_CH9l1","description":"A primitive double-free protection","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"RcnXwfG9czTXsJa0mO48","title":"Safe Linking","pathname":"/notes/binexp/heap/safe-linking","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Heap"}]},{"id":"-MQ7AJM-6s0nfxmI2I2g","title":"Kernel","pathname":"/notes/binexp/kernel","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"}]},{"id":"-MQ7AQC3EJC_zWx_h4ZC","title":"Introduction","pathname":"/notes/binexp/kernel/introduction","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"-MQ7FcHGhwNGTm6ouLzy","title":"Writing a Char Module","pathname":"/notes/binexp/kernel/writing-a-char-module","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"-MQ7R2QKNb2O7VGcCxYl","title":"An Interactive Char Driver","pathname":"/notes/binexp/kernel/writing-a-char-module/a-communicatable-char-driver","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"},{"label":"Writing a Char Module"}]},{"id":"-MaxQ_XVOG5Pmuh7-aar","title":"Interactivity with IOCTL","pathname":"/notes/binexp/kernel/writing-a-char-module/interactivity-with-ioctl","siteSpaceId":"sitesp_CH9l1","description":"A more useful way to interact with the driver","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"},{"label":"Writing a Char Module"}]},{"id":"jW8UEaoMwbmNIV50aXTg","title":"A Basic Kernel Interaction Challenge","pathname":"/notes/binexp/kernel/a-basic-kernel-interaction-challenge","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"arbyeiSr4LOoTxlyML7F","title":"Compiling, Customising and booting the Kernel","pathname":"/notes/binexp/kernel/compiling-customising-and-booting-the-kernel","siteSpaceId":"sitesp_CH9l1","description":"Instructions for compiling the kernel with your own settings, as well as compiling kernel modules for a specific kernel version.","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"4VA0nYnWz6NzSO8j3W8v","title":"Double-Fetch","pathname":"/notes/binexp/kernel/double-fetch","siteSpaceId":"sitesp_CH9l1","description":"The most simple of vulnerabilities","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"eF8r8F9x2N3epBMvEZ7e","title":"Double-Fetch without Sleep","pathname":"/notes/binexp/kernel/double-fetch/double-fetch-without-sleep","siteSpaceId":"sitesp_CH9l1","description":"Removing the artificial sleep","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"},{"label":"Double-Fetch"}]},{"id":"wEocr2X90cQTE9U7XYhk","title":"The Ultimate Aim of Kernel Exploitation - Process Credentials","pathname":"/notes/binexp/kernel/the-ultimate-aim-of-kernel-exploitation-process-credentials","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"pyCzXmeU9OXHoDgrDyvD","title":"Kernel ROP - ret2usr","pathname":"/notes/binexp/kernel/kernel-rop-ret2usr","siteSpaceId":"sitesp_CH9l1","description":"ROPpety boppety, but now in the kernel","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"cwbyfuAHVu8TgSCO6CXg","title":"Debugging a Kernel Module","pathname":"/notes/binexp/kernel/debugging-a-kernel-module","siteSpaceId":"sitesp_CH9l1","description":"A practical example","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"PqxKQoapHE0GnScmUeho","title":"SMEP","pathname":"/notes/binexp/kernel/smep","siteSpaceId":"sitesp_CH9l1","description":"Supervisor Memory Execute Protection","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"IajnwMVeDTy6TD7a25lS","title":"Kernel ROP - Disabling SMEP","pathname":"/notes/binexp/kernel/smep/kernel-rop-disabling-smep","siteSpaceId":"sitesp_CH9l1","description":"An old technique","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"},{"label":"SMEP"}]},{"id":"7vZq1Orf0wGmvqiyZexC","title":"Kernel ROP - Privilege Escalation in Kernel Space","pathname":"/notes/binexp/kernel/smep/kernel-rop-privilege-escalation-in-kernel-space","siteSpaceId":"sitesp_CH9l1","description":"Bypassing SMEP by ropping through the kernel","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"},{"label":"SMEP"}]},{"id":"t8yZzTXarWyICLNmlnwe","title":"Kernel ROP - Stack Pivoting","pathname":"/notes/binexp/kernel/smep/kernel-rop-stack-pivoting","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"},{"label":"SMEP"}]},{"id":"AvQLRYsLJfaGV2aLCKkF","title":"SMAP","pathname":"/notes/binexp/kernel/smap","siteSpaceId":"sitesp_CH9l1","description":"Supervisor Memory Access Protection","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"RSsSSCIeZx1Mt9PH9ye7","title":"Overwriting modprobe_path","pathname":"/notes/binexp/kernel/modprobe_path","siteSpaceId":"sitesp_CH9l1","description":"A simple way to pop a shell","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"zmWIkIcVbKV9bYah3bNN","title":"KASLR","pathname":"/notes/binexp/kernel/kaslr","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"JytvMfG9ijIQ0wUlcdIW","title":"KPTI","pathname":"/notes/binexp/kernel/kpti","siteSpaceId":"sitesp_CH9l1","description":"Kernel Page Table Isolation","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"1MkBYSOuRJKgEkvvIdb1","title":"Kernel Heap","pathname":"/notes/binexp/kernel/page","siteSpaceId":"sitesp_CH9l1","description":"The pain of it all","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"EToI6Y9otWoxJEWWXZQM","title":"Heap Structures","pathname":"/notes/binexp/kernel/heap-structures","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"dPnh0OAk2goG69Ir9VKc","title":"TODO","pathname":"/notes/binexp/kernel/todo","siteSpaceId":"sitesp_CH9l1","description":"Random stuff I want to mention somewhere, but too small for its own page","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Kernel"}]},{"id":"O85s2YH8o9Uwu7qh2R13","title":"Browser Exploitation","pathname":"/notes/binexp/browser-exploitation","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Binary Exploitation"}]},{"id":"4KDb5q0UeAbQE0SCKAxc","title":"*CTF 2019 - oob-v8","pathname":"/notes/binexp/browser-exploitation/ctf-2019-oob-v8","siteSpaceId":"sitesp_CH9l1","description":"Setting Up","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"}]},{"id":"GfmLGHqefr0meYPWRr2I","title":"The Challenge","pathname":"/notes/binexp/browser-exploitation/ctf-2019-oob-v8/the-challenge","siteSpaceId":"sitesp_CH9l1","description":"The actual challenge","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"},{"label":"*CTF 2019 - oob-v8"}]},{"id":"Jy80CEzJfIoQgSGBZ9RE","title":"picoCTF 2021 - Kit Engine","pathname":"/notes/binexp/browser-exploitation/picoctf-2021-kit-engine","siteSpaceId":"sitesp_CH9l1","description":"A lesson in floating-point form","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"}]},{"id":"y3Mnx01nX68Njdhe6qWW","title":"picoCTF 2021 - Download Horsepower","pathname":"/notes/binexp/browser-exploitation/picoctf-2021-download-horsepower","siteSpaceId":"sitesp_CH9l1","description":"Another OOB, but with pointer compression","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"}]},{"id":"gkjnFKcQgCq3VJ56xaYv","title":"Browser Architecture","pathname":"/notes/binexp/browser-exploitation/browser-architecture","siteSpaceId":"sitesp_CH9l1","description":"A look at how browsers work under the hood","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"}]},{"id":"FEx2q1xZ4fN4cwqojMjr","title":"Operation of the Renderer","pathname":"/notes/binexp/browser-exploitation/browser-architecture/operation-of-the-renderer","siteSpaceId":"sitesp_CH9l1","description":"How the renderer process works","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"},{"label":"Browser Architecture"}]},{"id":"DUIuZynvZk4jTR1FYZzF","title":"An Introduction to Turbofan","pathname":"/notes/binexp/browser-exploitation/an-introduction-to-turbofan","siteSpaceId":"sitesp_CH9l1","description":"V8's Optimizer","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"}]},{"id":"1hD5kWMZgNz7msEBU6WJ","title":"A Typer Bug","pathname":"/notes/binexp/browser-exploitation/an-introduction-to-turbofan/a-typer-bug","siteSpaceId":"sitesp_CH9l1","description":"One of my favourites","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Browser Exploitation"},{"label":"An Introduction to Turbofan"}]},{"id":"5fqB3Q4dmxQ5G3PV76e2","title":"Memory Safety","pathname":"/notes/binexp/memory-safety","siteSpaceId":"sitesp_CH9l1","description":"Languages like Rust and Swift claim to be \"memory-safe\". What does that mean?","breadcrumbs":[{"label":"Binary Exploitation"}]},{"id":"xcQxOQfXicQ746n20NwN","title":"C++ Smart Pointers","pathname":"/notes/binexp/memory-safety/c++-smart-pointers","siteSpaceId":"sitesp_CH9l1","description":"C++'s foray into memory safety","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"}]},{"id":"2fgi9aNIvJ1Bw4mESnzJ","title":"RAII (Resource Acquisition is Initialization)","pathname":"/notes/binexp/memory-safety/raii-resource-acquisition-is-initialization","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"}]},{"id":"Idt2j04iaBeZuSiY9Zht","title":"Garbage Collection","pathname":"/notes/binexp/memory-safety/garbage-collection","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"}]},{"id":"mSbAmQnirsMvjQUjg0JS","title":"Tracing Garbage Collection","pathname":"/notes/binexp/memory-safety/garbage-collection/tracing-garbage-collection","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"},{"label":"Garbage Collection"}]},{"id":"EKeceysW9LtSScyNau4W","title":"Automatic Reference Counting","pathname":"/notes/binexp/memory-safety/garbage-collection/automatic-reference-counting","siteSpaceId":"sitesp_CH9l1","description":"Apple's preferred approach to automatic memory management","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"},{"label":"Garbage Collection"}]},{"id":"OAC3Y3mcPlZl8jnbEQ7i","title":"Rust","pathname":"/notes/binexp/memory-safety/rust","siteSpaceId":"sitesp_CH9l1","description":"The poster child for memory safety","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"}]},{"id":"r9uXALXm77zk7n33L8HB","title":"Python (and C#, Java)","pathname":"/notes/binexp/memory-safety/python-and-c-java","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"}]},{"id":"aCBubm5Y3cP11RWuoUa5","title":"Swift","pathname":"/notes/binexp/memory-safety/swift","siteSpaceId":"sitesp_CH9l1","description":"Swift uses purely ARC. How does it fix the problems that arise without a tracing garbage collector?","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"}]},{"id":"2zl2X7nvY1lUEUc02kBm","title":"Sandboxing","pathname":"/notes/binexp/memory-safety/sandboxing","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Binary Exploitation"},{"label":"Memory Safety"}]},{"id":"koAv8TiDstoW28GTdaBs","title":"Dynamic Binary Instrumentation","pathname":"/notes/binexp/dynamic-binary-instrumentation","siteSpaceId":"sitesp_CH9l1","description":"Manipulating programs without the source","breadcrumbs":[{"label":"Binary Exploitation"}]},{"id":"P5GV7MeO8rscF8P4vbok","title":"Strings in C++","pathname":"/notes/rev/strings-in-c++","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Reverse Engineering"}]},{"id":"YbGJwC9qpj0eLFHWySEf","title":"C++ Decompilation Tricks","pathname":"/notes/rev/c++-decompilation-tricks","siteSpaceId":"sitesp_CH9l1","description":"How decompilers do stuff","breadcrumbs":[{"label":"Reverse Engineering"}]},{"id":"f90ihGgGmLbq0y9SJtYB","title":"Reverse Engineering ARM","pathname":"/notes/rev/reverse-engineering-arm","siteSpaceId":"sitesp_CH9l1","description":"Just a ragged collection of notes before I do anything proper - do not take this as gospel! I am doing ARM reversing on my M1 MacBook for fun...","breadcrumbs":[{"label":"Reverse Engineering"}]},{"id":"dJq8qdmyTD6LXvtgjduU","title":"Introduction","pathname":"/notes/cryptography/introduction","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Cryptography"}]},{"id":"9zl7zHNduglgjGkOfyPM","title":"Number Theory Fundamentals","pathname":"/notes/cryptography/number-theory-fundamentals","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Cryptography"}]},{"id":"GPlhiivjI57MmVzdKPAH","title":"Divisibility, Factors and Euclid's Algorithms","pathname":"/notes/cryptography/number-theory-fundamentals/divisibility-factors-and-euclids-algorithms","siteSpaceId":"sitesp_CH9l1","description":"An outline of the fundamentals of number theory","breadcrumbs":[{"label":"Cryptography"},{"label":"Number Theory Fundamentals"}]},{"id":"m1860W5rbVaLBl1RrZJ7","title":"Modular Arithmetic","pathname":"/notes/cryptography/number-theory-fundamentals/modular-arithmetic","siteSpaceId":"sitesp_CH9l1","description":"An introduction to the fundamentals","breadcrumbs":[{"label":"Cryptography"},{"label":"Number Theory Fundamentals"}]},{"id":"gaoborDSaFfzgr7jLL2X","title":"Rings, Fields and Euler's Totient Function","pathname":"/notes/cryptography/number-theory-fundamentals/rings-fields-and-eulers-totient-function","siteSpaceId":"sitesp_CH9l1","description":"The basics of Rings, Fields and Euler's Phi Function","breadcrumbs":[{"label":"Cryptography"},{"label":"Number Theory Fundamentals"}]},{"id":"X3dR5pVsYkrC169UYlIK","title":"Continued Fractions","pathname":"/notes/cryptography/continued-fractions","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"}]},{"id":"zBXtjS8RXA8NqTJsl0lc","title":"RSA","pathname":"/notes/cryptography/overview","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"}]},{"id":"wbmn99rrv2a66m1a69rU","title":"Public Exponent Attacks","pathname":"/notes/cryptography/overview/public-exponent-attacks","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"}]},{"id":"8zS7DFuf1Olh8zj0oQG2","title":"e=1","pathname":"/notes/cryptography/overview/public-exponent-attacks/e-1","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Public Exponent Attacks"}]},{"id":"dTLwGtFDGr00UGECJd5T","title":"Small e","pathname":"/notes/cryptography/overview/public-exponent-attacks/small-e","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Public Exponent Attacks"}]},{"id":"HLUKKccP3qxUcur5Uw8h","title":"Multi-party RSA with Small e","pathname":"/notes/cryptography/overview/public-exponent-attacks/multi-party-rsa-with-small-e","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Public Exponent Attacks"}]},{"id":"KNCjOQd5OqF4k0J5HvRE","title":"Wiener's Attack","pathname":"/notes/cryptography/overview/public-exponent-attacks/wieners-attack","siteSpaceId":"sitesp_CH9l1","description":"Using Continued Fractions to attack large e values","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Public Exponent Attacks"}]},{"id":"3vzJNP2UMS4ygLTacYhF","title":"Choice of Primes","pathname":"/notes/cryptography/overview/choice-of-primes","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"}]},{"id":"NWRxQzt03Z30Z4Dx3v1A","title":"N is prime","pathname":"/notes/cryptography/overview/choice-of-primes/n-is-prime","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Choice of Primes"}]},{"id":"iZp3bVyyyIvNqBrwabnI","title":"Mersenne Primes","pathname":"/notes/cryptography/overview/choice-of-primes/mersenne-primes","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Choice of Primes"}]},{"id":"jgXmm1iwVVZQQyHvlh9P","title":"P=Q","pathname":"/notes/cryptography/overview/choice-of-primes/p-q","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Choice of Primes"}]},{"id":"FlkbeD93F7cnzXzF58Ek","title":"Fermat Factorisation","pathname":"/notes/cryptography/overview/choice-of-primes/fermat-factorisation","siteSpaceId":"sitesp_CH9l1","description":"Used when p and q are numericaly close","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Choice of Primes"}]},{"id":"3oeeyoL88eGHacXuoX2c","title":"Factorisation Methods","pathname":"/notes/cryptography/overview/factorisation-methods","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"}]},{"id":"j2d0BmdmN8V9JMKPIpgc","title":"Pollard's p-1","pathname":"/notes/cryptography/overview/factorisation-methods/pollards-p-1","siteSpaceId":"sitesp_CH9l1","description":"Factorising N when we know a factor is smooth","breadcrumbs":[{"label":"Cryptography"},{"label":"RSA"},{"label":"Factorisation Methods"}]},{"id":"7H2vOAvm4CHpjfo8jq1I","title":"Diffie-Hellman Key Exchange","pathname":"/notes/cryptography/overview-1","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"}]},{"id":"TdsbPKGwgajKiY5gOGcI","title":"Solving the DLP","pathname":"/notes/cryptography/overview-1/solving-the-dlp","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Cryptography"},{"label":"Diffie-Hellman Key Exchange"}]},{"id":"4KuJzGqFdrWEnEj67mky","title":"Baby Step, Giant Step","pathname":"/notes/cryptography/overview-1/solving-the-dlp/baby-step-giant-step","siteSpaceId":"sitesp_CH9l1","description":"The simple iterative approach","breadcrumbs":[{"label":"Cryptography"},{"label":"Diffie-Hellman Key Exchange"},{"label":"Solving the DLP"}]},{"id":"Hh8UxQCbUPnHvAhyB8oK","title":"An Introduction to Blockchain","pathname":"/notes/blockchain/an-introduction-to-blockchain","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Blockchain"}]},{"id":"amtbJpCOct0sxptC1qLg","title":"Smart Contracts and Solidity","pathname":"/notes/blockchain/smart-contracts-and-solidity","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Blockchain"}]},{"id":"nAz9weil3JfGx4yKpXWB","title":"Hosting a Testnet and Deploying a Contract","pathname":"/notes/blockchain/hosting-a-testnet-and-deploying-a-contract","siteSpaceId":"sitesp_CH9l1","description":"Using Foundry to start a local testnet and deploy a Solidity contract.","breadcrumbs":[{"label":"Blockchain"}]},{"id":"loKIlto9mlU5ADGI9xFl","title":"Interacting with Python","pathname":"/notes/blockchain/interacting-with-python","siteSpaceId":"sitesp_CH9l1","description":"Using web3.py","breadcrumbs":[{"label":"Blockchain"}]},{"id":"WylbpRiyXfOdbj3Z8t9E","title":"Ethereum Overview","pathname":"/notes/blockchain/ethereum-overview","siteSpaceId":"sitesp_CH9l1","description":"The one we need to understand","breadcrumbs":[{"label":"Blockchain"}]},{"id":"xw8eLjX8WoehwAlc2QYB","title":"Hack The Box","pathname":"/notes/writeups/hack-the-box","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Writeups"}]},{"id":"zIsrTMdsiSx2eTkuuihO","title":"Linux Machines","pathname":"/notes/writeups/hack-the-box/linux-machines","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"}]},{"id":"86fcLRf4IZNEvGld2wv6","title":"Easy","pathname":"/notes/writeups/hack-the-box/linux-machines/easy-linux","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Linux Machines"}]},{"id":"dqY7uX1US4ja7YJ3DLBs","title":"Traceback","pathname":"/notes/writeups/hack-the-box/linux-machines/easy-linux/traceback","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Linux Machines"},{"label":"Easy"}]},{"id":"oNsSCYXMPeVjaKXOIlIH","title":"Medium","pathname":"/notes/writeups/hack-the-box/linux-machines/medium","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Linux Machines"}]},{"id":"TtFZi3VjjPxtRuiIBLCM","title":"Magic","pathname":"/notes/writeups/hack-the-box/linux-machines/medium/magic","siteSpaceId":"sitesp_CH9l1","description":"SQL injection, PHP reverse shell upload, mysqldump and PATH injection","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Linux Machines"},{"label":"Medium"}]},{"id":"Yhgz7vvkXvyldrjK0hQn","title":"UpDown","pathname":"/notes/writeups/hack-the-box/linux-machines/medium/updown","siteSpaceId":"sitesp_CH9l1","description":"LFI to RCE using PHAR files while bypassing disabled_functions, followed by abuse of SUID and sudo.","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Linux Machines"},{"label":"Medium"}]},{"id":"EpfXr4qr7xKVUenMsI1C","title":"Hard","pathname":"/notes/writeups/hack-the-box/linux-machines/hard","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Linux Machines"}]},{"id":"udqjJbol90YLxVcm4VJr","title":"Intense","pathname":"/notes/writeups/hack-the-box/linux-machines/hard/intense","siteSpaceId":"sitesp_CH9l1","description":"SQL Injection, Hash Length Extension, LFI and binary exploitation","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Linux Machines"},{"label":"Hard"}]},{"id":"HqFPFSYkSam44rZQCINE","title":"Challenges","pathname":"/notes/writeups/hack-the-box/challenges","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"}]},{"id":"Lzn83EyBRyisUXMvwYRS","title":"Web","pathname":"/notes/writeups/hack-the-box/challenges/web","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"}]},{"id":"Ybzd6mKTRpLvZFAEl9tZ","title":"Looking Glass","pathname":"/notes/writeups/hack-the-box/challenges/web/looking-glass","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Web"}]},{"id":"HGF9pCIGZutD7F6ZYIBd","title":"Sanitize","pathname":"/notes/writeups/hack-the-box/challenges/web/sanitize","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Web"}]},{"id":"0QxCWVnfN1rB5AcL4L1W","title":"Baby Auth","pathname":"/notes/writeups/hack-the-box/challenges/web/baby-auth","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Web"}]},{"id":"xpu58iO9obkGyAo3gLHX","title":"Baby Website Rick","pathname":"/notes/writeups/hack-the-box/challenges/web/baby-website-rick","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Web"}]},{"id":"zjEAtgevouwSXOuEYhI3","title":"Pwn","pathname":"/notes/writeups/hack-the-box/challenges/pwn","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"}]},{"id":"nwG1jiQ58dqKirJI2AxW","title":"Dream Diary: Chapter 1","pathname":"/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Pwn"}]},{"id":"O22srAaaCM5lQ7tqhbKr","title":"Unlink Exploit","pathname":"/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1/unlink-exploit","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Pwn"},{"label":"Dream Diary: Chapter 1"}]},{"id":"pQQPIoWDVHDEqxYU6KlM","title":"Chunk Overlap","pathname":"/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1/chunk-overlap","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Pwn"},{"label":"Dream Diary: Chapter 1"}]},{"id":"U4B2h4cedNwR0rgQS05Y","title":"Ropme","pathname":"/notes/writeups/hack-the-box/challenges/pwn/ropme","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"Hack The Box"},{"label":"Challenges"},{"label":"Pwn"}]},{"id":"6rxwGi7fma6JTrFp0upM","title":"picoGym","pathname":"/notes/writeups/picogym","siteSpaceId":"sitesp_CH9l1","description":"picoGym contains all of the past challenges from previous picoCTF events and can be found at https://play.picoctf.org/practice","breadcrumbs":[{"label":"Writeups"}]},{"id":"z0nrf73pku4qT4aMWfES","title":"Cryptography","pathname":"/notes/writeups/picogym/cryptography","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"}]},{"id":"3sVDyz55DznEEBwzyMud","title":"Mod 26","pathname":"/notes/writeups/picogym/cryptography/mod-26","siteSpaceId":"sitesp_CH9l1","description":"Cryptography can be easy, do you know what ROT13 is? cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_uJdSftmh}","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"f4uTJpaUxXMmUKM4MBPc","title":"Mind Your Ps and Qs","pathname":"/notes/writeups/picogym/cryptography/mind-your-ps-and-qs","siteSpaceId":"sitesp_CH9l1","description":"In RSA, a small e value can be problematic, but what about N? Can you decrypt this? values","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"tfFO6dcLQEneFkHAybH6","title":"Easy Peasy","pathname":"/notes/writeups/picogym/cryptography/easy-peasy","siteSpaceId":"sitesp_CH9l1","description":"A one-time pad is unbreakable, but can you manage to recover the flag? (Wrap with picoCTF{}) nc mercury.picoctf.net 11188 otp.py","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"7ygBRrVkW4XOAN0DJLiB","title":"The Numbers","pathname":"/notes/writeups/picogym/cryptography/the-numbers","siteSpaceId":"sitesp_CH9l1","description":"The numbers... what do they mean?","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"OleKnb8tRsgoDmWGr6tp","title":"New Caesar","pathname":"/notes/writeups/picogym/cryptography/new-caesar","siteSpaceId":"sitesp_CH9l1","description":"We found a brand new type of encryption, can you break the secret code? (Wrap with picoCTF{}) apbopjbobpnjpjnmnnnmnlnbamnpnononpnaaaamnlnkapndnkncamnpapncnbannaapncndnlnpna new_caesar.py","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"HG5XsUy3AoSGI9wIvXOj","title":"Mini RSA","pathname":"/notes/writeups/picogym/cryptography/mini-rsa","siteSpaceId":"sitesp_CH9l1","description":"What happens if you have a small exponent? There is a twist though, we padded the plaintext so that (M ** e) is just barely larger than N. Let's decrypt this: ciphertext","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"BBYSJUZrGgJ8yuUMoB4l","title":"Dachshund Attacks","pathname":"/notes/writeups/picogym/cryptography/dachshund-attacks","siteSpaceId":"sitesp_CH9l1","description":"What if d is too small? Connect with nc mercury.picoctf.net 37455.","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"RMR9BqmrIt4FeizLm6MD","title":"No Padding, No Problem","pathname":"/notes/writeups/picogym/cryptography/no-padding-no-problem","siteSpaceId":"sitesp_CH9l1","description":"Oracles can be your best friend, they will decrypt anything, except the flag's ciphertext. How will you break it? Connect with nc mercury.picoctf.net 10333","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"uzhpDQiura0ji22wALD6","title":"Easy1","pathname":"/notes/writeups/picogym/cryptography/easy1","siteSpaceId":"sitesp_CH9l1","description":"The one time pad can be cryptographically secure, but not when you know the key. Can you solve this? We've given you the encrypted flag, key, and a table to help UFJKXQZQUNB with the key of SOLVECRYPT","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"Cum0wFs1j5gfuBaZh26N","title":"13","pathname":"/notes/writeups/picogym/cryptography/13","siteSpaceId":"sitesp_CH9l1","description":"Cryptography can be easy, do you know what ROT13 is? cvpbPGS{abg_gbb_onq_bs_n_ceboyrz}","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"bcWVxXDYpNtLySJYA6Uj","title":"Caesar","pathname":"/notes/writeups/picogym/cryptography/caesar","siteSpaceId":"sitesp_CH9l1","description":"Decrypt this message.","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"GIYEVbDDtMjgKJPuJoY3","title":"Pixelated","pathname":"/notes/writeups/picogym/cryptography/pixelated","siteSpaceId":"sitesp_CH9l1","description":"I have these 2 images, can you make a flag out of them? scrambled1.png scrambled2.png","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"PInHw0pqzxHXNVZXVDXI","title":"Basic-Mod1","pathname":"/notes/writeups/picogym/cryptography/basic-mod1","siteSpaceId":"sitesp_CH9l1","description":"Take each number mod 37 and map it to the following character set: 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. Wrap your decrypted message in picoCTF.","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"e9BpjzWLa7BDAinMQF9C","title":"Basic-Mod2","pathname":"/notes/writeups/picogym/cryptography/basic-mod2","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"tQoDeYxRz2GUOfEEzhT7","title":"Credstuff","pathname":"/notes/writeups/picogym/cryptography/credstuff","siteSpaceId":"sitesp_CH9l1","description":"We found a leak of a blackmarket website's login credentials. Can you find the password of the user cultiris and successfully decrypt it? Download the leak here.","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"91H8c4K911P24QDXJ6L9","title":"morse-code","pathname":"/notes/writeups/picogym/cryptography/morse-code","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"9567wBY65lFG3z1etoWd","title":"rail-fence","pathname":"/notes/writeups/picogym/cryptography/rail-fence","siteSpaceId":"sitesp_CH9l1","description":"A type of transposition cipher is the rail fence cipher, which is described here. Here is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it?","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"xIKlbu4YJOw5lX4Rqf4P","title":"Substitution0","pathname":"/notes/writeups/picogym/cryptography/substitution0","siteSpaceId":"sitesp_CH9l1","description":"A message has come in but it seems to be all scrambled. Luckily it seems to have the key at the beginning. Can you crack this substitution cipher?","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"z0Z8lHBg3rP4N8gjh418","title":"Substitution1","pathname":"/notes/writeups/picogym/cryptography/substitution1","siteSpaceId":"sitesp_CH9l1","description":"A second message has come in the mail, and it seems almost identical to the first one. Maybe the same thing will work again.","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"aHjNFNI1JstWTWzt0TP0","title":"Substitution2","pathname":"/notes/writeups/picogym/cryptography/substitution2","siteSpaceId":"sitesp_CH9l1","description":"It seems that another encrypted message has been intercepted. The encryptor seems to have learned their lesson though and now there isn't any punctuation! Can you still crack the cipher?","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"GKW6ORVuY8FcRKFKRKeQ","title":"Transposition-Trial","pathname":"/notes/writeups/picogym/cryptography/transposition-trial","siteSpaceId":"sitesp_CH9l1","description":"Our data got corrupted on the way here. Luckily, nothing got replaced, but every block of 3 got scrambled around!","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"Ug2j8q2wWGVPeExOMR84","title":"Vigenere","pathname":"/notes/writeups/picogym/cryptography/vigenere","siteSpaceId":"sitesp_CH9l1","description":"Can you decrypt this message?","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"GbgNCCzE5dMdKMlg7Nno","title":"HideToSee","pathname":"/notes/writeups/picogym/cryptography/hidetosee","siteSpaceId":"sitesp_CH9l1","description":"How about some hide and seek heh? Look at this image here.","breadcrumbs":[{"label":"Writeups"},{"label":"picoGym"},{"label":"Cryptography"}]},{"id":"1UFQOgvlQSSQhdSlRMwC","title":"CTFs","pathname":"/notes/writeups/ctfs","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Writeups"}]},{"id":"8JwskLO9k3H6nTsF3kLF","title":"Fword CTF 2020","pathname":"/notes/writeups/ctfs/fword-ctf-2020","siteSpaceId":"sitesp_CH9l1","description":"https://ctftime.org/event/1066","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"}]},{"id":"PaCI9kv4CRBoNmDvNqzp","title":"Binary Exploitation","pathname":"/notes/writeups/ctfs/fword-ctf-2020/binary-exploitation","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"Fword CTF 2020"}]},{"id":"Bs8ytxSncSOcm464kRhx","title":"Molotov","pathname":"/notes/writeups/ctfs/fword-ctf-2020/binary-exploitation/untitled","siteSpaceId":"sitesp_CH9l1","description":"A ret2libc with a given leak","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"Fword CTF 2020"},{"label":"Binary Exploitation"}]},{"id":"Gf3QHPVXxMRoIAPk5ni3","title":"Reversing","pathname":"/notes/writeups/ctfs/fword-ctf-2020/reversing","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"Fword CTF 2020"}]},{"id":"h4YUG4eQLxBdtnS1n2sq","title":"XO","pathname":"/notes/writeups/ctfs/fword-ctf-2020/reversing/xo","siteSpaceId":"sitesp_CH9l1","description":"Messing with the XOR","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"Fword CTF 2020"},{"label":"Reversing"}]},{"id":"udI2DrjACEU5RVu9nxxm","title":"X-MAS CTF 2020","pathname":"/notes/writeups/ctfs/x-mas-ctf-2020","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"}]},{"id":"dOqCKLTDUrLJ1h43KiDj","title":"Pwn","pathname":"/notes/writeups/ctfs/x-mas-ctf-2020/pwn","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"X-MAS CTF 2020"}]},{"id":"HH5JPHQf7etPEPmSDtL8","title":"Do I Know You?","pathname":"/notes/writeups/ctfs/x-mas-ctf-2020/pwn/do-i-know-you","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"X-MAS CTF 2020"},{"label":"Pwn"}]},{"id":"jA1BBsBpyXzArMndSpVS","title":"Naughty","pathname":"/notes/writeups/ctfs/x-mas-ctf-2020/pwn/naughty","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"X-MAS CTF 2020"},{"label":"Pwn"}]},{"id":"jHytxaAERs9DYLD6ma6R","title":"Web","pathname":"/notes/writeups/ctfs/x-mas-ctf-2020/web","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"X-MAS CTF 2020"}]},{"id":"aMouZyE9l8ItNgjtUB8l","title":"PHP Master","pathname":"/notes/writeups/ctfs/x-mas-ctf-2020/web/php-master","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"X-MAS CTF 2020"},{"label":"Web"}]},{"id":"eUaGMvphjE0QQc2TtQUy","title":"HTB CyberSanta 2021","pathname":"/notes/writeups/ctfs/htb-cybersanta-2021","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"}]},{"id":"fkD8YCsX0CMwTJl3KF2L","title":"Crypto","pathname":"/notes/writeups/ctfs/htb-cybersanta-2021/crypto","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"HTB CyberSanta 2021"}]},{"id":"KDkjqsKr5FUNymnCGSws","title":"Common Mistake","pathname":"/notes/writeups/ctfs/htb-cybersanta-2021/crypto/common-mistake","siteSpaceId":"sitesp_CH9l1","description":"Common Mod, DIfferent e","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"HTB CyberSanta 2021"},{"label":"Crypto"}]},{"id":"4hSAboQyopqBxu6nxNUY","title":"Missing Reindeer","pathname":"/notes/writeups/ctfs/htb-cybersanta-2021/crypto/missing-reindeer","siteSpaceId":"sitesp_CH9l1","description":"Cube Root Attack","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"HTB CyberSanta 2021"},{"label":"Crypto"}]},{"id":"vlaJTZIJkd9KLWnpjqGc","title":"Xmas Spirit","pathname":"/notes/writeups/ctfs/htb-cybersanta-2021/crypto/xmas-spirit","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"HTB CyberSanta 2021"},{"label":"Crypto"}]},{"id":"0zn71NntgrWz6KINasP8","title":"Meet Me Halfway","pathname":"/notes/writeups/ctfs/htb-cybersanta-2021/crypto/meet-me-halfway","siteSpaceId":"sitesp_CH9l1","description":"Meet-in-the-middle attack on AES","breadcrumbs":[{"label":"Writeups"},{"label":"CTFs"},{"label":"HTB CyberSanta 2021"},{"label":"Crypto"}]},{"id":"-MEwByzdoipSSVgoZpth","title":"pwntools","pathname":"/notes/misc/pwntools","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"}]},{"id":"-MEwBz-Ru_Up0V372PMk","title":"Introduction","pathname":"/notes/misc/pwntools/introduction","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"},{"label":"pwntools"}]},{"id":"-MEwBz-SXqzi1UZK8gq_","title":"Processes and Communication","pathname":"/notes/misc/pwntools/processes_and_communication","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"},{"label":"pwntools"}]},{"id":"-MEwBz-Vrhj5_6pTs4kI","title":"Logging and Context","pathname":"/notes/misc/pwntools/logging_and_context","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"},{"label":"pwntools"}]},{"id":"-MEwBz-Tof8Ia6Po3j8d","title":"Packing","pathname":"/notes/misc/pwntools/packing","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"},{"label":"pwntools"}]},{"id":"-MEwByzcl-ngEk7zUlCA","title":"ELF","pathname":"/notes/misc/pwntools/elf","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"},{"label":"pwntools"}]},{"id":"-MG9TyKcRVnI7rgs06a6","title":"ROP","pathname":"/notes/misc/pwntools/rop","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"},{"label":"pwntools"}]},{"id":"f4irFHm5jlhXANQ2eWdC","title":"scanf Bypasses","pathname":"/notes/misc/scanf-bypasses","siteSpaceId":"sitesp_CH9l1","breadcrumbs":[{"label":"Miscellaneous"}]},{"id":"3Wm5Cz4gtTQCfsmQYO91","title":"Challenges in Containers","pathname":"/notes/misc/challenges-in-containers","siteSpaceId":"sitesp_CH9l1","description":"","breadcrumbs":[{"label":"Miscellaneous"}]},{"id":"RvlO1lUv2RspBN8vGw3j","title":"Using Z3","pathname":"/notes/misc/using-z3","siteSpaceId":"sitesp_CH9l1","description":"Microsoft's Theorem Prover","breadcrumbs":[{"label":"Miscellaneous"}]},{"id":"rcmqjMCmwZ0kEA8SF7T9","title":"Cross-Compiling for arm32","pathname":"/notes/misc/cross-compiling-for-arm32","siteSpaceId":"sitesp_CH9l1","description":"Absolute pain","breadcrumbs":[{"label":"Miscellaneous"}]},{"id":"HcXjxjNK9nB4hP6sPEpI","title":"CodeQL","pathname":"/notes/misc/codeql","siteSpaceId":"sitesp_CH9l1","description":"Querying code to find vulnerabilities","breadcrumbs":[{"label":"Miscellaneous"}]}]}