Scavenger Security

Solving a Use-After-Free bug in libbus

Recently I published a blog post on libbus, a small library I wrote to handle distributed message passing between threads. The library makes use of atomic functions to ensure synchronism. These ope...

libbus: A concurrent message passing library

Earlier this week I wrote, over the course of an evening, a very simple library to implement basic shared message passing called libbus. In this blog post I want to delve a bit deeper into the rati...

Tenable CTF 2021 - A3S Turtles [Stego]

In this stego challenge we are given a password protected zip called turtles128.zip. After bruteforcing it we observe that there are 128 nested zips protected with “0” or “1” as their password. We ...

Tenable CTF 2021 – Hacker Manifesto [Reversing]

Hacker Manifesto is a 250 point reverse engineering challenge. It reads: We found this file on a compromised host. It appears to contain data, but we’re not sure how to decode it. Maybe you can ...

BambooFox CTF 2021 – Emoji [Web]

In this web challenge we have a short PHP code where it is possible to execute arbitrary code after bypassing two input sanitization filters. First, we have an input length limitation protection...

BambooFox CTF 2021 – Time to Draw [Web]

Time to Draw is a web challenge based on Node.js. The main page presented a canvas on which one could draw by clicking on it, and several buttons on the right side. One of those buttons showed the ...

hxp CTF 2020 – EXCELlence [Reversing]

EXCELlent is a medium difficulty challenge that got 58 solves. It reads: Excellent CTFs need excellent business strategies, and what would be more appropriate than Microsoft ® Excel ™? Of course...

2020 Metasploit Community CTF - 8 of Hearts (port 4545) [PWN]

In this challenge our goal is to decrypt the flag using a binary called 8_of_hearts.elf. Looking at this binary we see that there is an encryption routine where each byte is decoded with an XOR ope...

2020 Metasploit Community CTF - 6 of Diamonds (port 8200) [Web]

This challenge is a web application where images can be uploaded and then be viewed in an image gallery. The only checks that are made when uploading the images are the extension check and the M...

2020 Metasploit Community CTF – 7 of Spades (port 8888) [Web]

Port 8888 hosts a Python Werkzeug web server. The main page shows a list of Metasploit modules which can be filtered by the options in the top menu. After several minutes of looking around for c...