I wanted to ask your assistance: Where can I find advanced CTFs (that hopefully contain solutions) regarding binary/kernel exploitation? I am interested in finding x86_64 Linux/Windows/arm64 challenges that consist of userland or kernel (LKM or driver) exploitation (overcoming modern mitigations such as "shadow stacks" or different control flow guards (CFG/ACG/others), grooming tricks and similar are huge pluses). What I am mostly looking for is CTFs that imitate mundane situations or applications, including but not limited to: common errors, UAF (even double free), bad custom memory layouts (for instance custom mmap implementations), different leaks, finding primitives, disclosures and similar -- all of it either in userland or at the appropriate kernel level.

Sadly I could not find anything that consists of what I call the "modern world", with modern mitigations, that is not aimed at basic corruption of the stack/heap, basic usage of tools or concepts, or anything that basically teaches the basics (corrupting/polluting, GOT/PLT overwrites, simple ropper usage and similar basics) -- but something that goes beyond that, that can teach "real skills". I am looking to expand my knowledge and I am pretty sure your answers would help a lot of people that are wondering about the same too, and couldn't find what they were looking for.

Note: I mentioned solutions because the amount of knowledge and tricks that can be taught just by reading a write-up is huge, especially the way of thinking, grooming, the way of reversing and approaching the situation and similar. I learn a lot from reading write-ups but I couldn't find ones that are above the "beginner" level.

Just to be clear again: I am not referring to DEP/ASLR/canaries and similar (those were awesome a decade ago). What I am looking for is the step after that.

Doesn't have to be a binary; it can be firmware, LKMs, drivers, handles/pipes and similar.

Thank you very much and have a great week.

  • Not sure this question format is suitable for the site or even has an actual answer. Just look at real-life software; it will be more useful than any CTF.
    – Igor Skochinsky
    Commented Jan 16, 2021 at 14:44
  • For Windows exploitation, take a look at Corelan's tutorials. I'm thinking of this one in particular, for a good introduction to the 'modern' Windows exploit protections: corelan.be/index.php/2009/09/21/…
    – Guillaume
    Commented May 5, 2021 at 9:57

1 Answer
