Posts
Scavenger Security
Cancel

bi0sCTF 2024 - Image Gallery I [Web]

Image Gallery 1 is an enjoyable and interesting web challenge on bi0sctf, with 22 solves. It’s a particularly fascinating for me because it involves exploiting the browser’s local cache in a CTF sc...

EDR as a rootkit (OpenEDR)

Introduction Over the past few months, I have been working with a very interesting open source EDR called OpenEDR. As a Red Team operator, I have spent a significant amount of time evading EDRs ov...

IrisCTF 2024 - Memory [Pwn]

The provided code represents a kernel exploitation challenge, focusing on a vulnerable Linux device driver. The essential segment of the code is as follows: volatile const unsigned char data[] = "...

Cybercamp UMU - Gudari [Forensic]

Gudari es uno de los retos que hemos creado para el CTF de la Cybercamp UMU, organizado en julio de 2023 por la Universidad de Murcia en colaboración con el Club de Ciberseguridad de la Facultad de...

CVE-2021-43579: htmldoc: Stack buffer overflow in image_load_bmp()

On November 4th, 2021, a vulnerability was reported by Scavenger Security member 00xc, which was tagged as CVE-2021-43579. This vulnerability affects the open-source software htmldoc, which is used...

DEF CON CTF Qualifier 2023 - Open House [Pwn]

This year, we participated in DEF CON Quals CTF as members of the Quanterland team. We spent the entire weekend working diligently on an open-house binary exploitation challenge, which had 68 solve...

Bruteforcing forks to leak stack canary [Pwn]

In 2022 I learned a new technique to leak the stack canary with an interesting challenge developed by Animanegra. The challenge is called pwn7, and Animanegra was very insistent that I tried to sol...

HTB Cyber Apocalypse CTF 2023- Interstellar C2 [Forensic]

Interstellar C2 - Difficulty: hard We noticed some interesting traffic coming from outer space. An unknown group is using a Command and Control server. After an exhaustive investigation, we discove...

HTB Cyber Apocalypse CTF 2023- Artifacts of Dangerous Sightings [Forensic]

Artifacts of Dangerous Sightings - Difficulty: medium Pandora has been using her computer to uncover the secrets of the elusive relic. She has been relentlessly scouring through all the reports of...

LaCTF 2023 - rut-roh-relro [Pwn]

For this challenge, we are given a compiled ELF file and its corresponding C source code. The program has two critical format string vulnerabilities, which enable an attacker to easily read and wri...