Firzens Blog – Misadventures in Security

Potluck CTF 2023 – Shell No Evil

This was a super interesting challenge to me. If you want to follow along, the files are archived here. At a basic level the challenge setup is that you can send shellcode for an “unknown” architecture, namely SW64, to a remote service that will execute it and return a single value. The Challenge Setup Starting…

Building a POC for CVE-2021-40438

If you’re blue team and want to know what an exploit for this looks like for filtering purposes I’ve added that information for you in…

October 13, 2021October 13, 2021

Dipping into windows kernel exploitation with HEVD

After playing around with HEVD by following the excellent blog post here and managing to have some first success. I wanted to look into some…

April 19, 2020April 19, 2020

Git Rekt #2 – Steghide

A while ago at our CTF meetup we were talking about the exploit exploit and got talking about other common CTF tools and what could…

April 12, 2020April 20, 2020

Git Rekt #1 – Siim/ftp

The idea After doing the writeup for the iCTF babyshop challenge I’ve been unsure what to write about, even though I felt like I wanted…

November 10, 2019November 10, 2019

ICTF baby_shop Writeup

So on our regular CTF meetup last week, a friend told me about a pwn challenge he had tried at a recent CTF and failed,…

May 27, 2019May 27, 2019