CTF

A writeup about exploiting an image converter service through path traversal and multiprocessing pickle deserialization. The solution required crafting a polyglot file that’s both a valid BMP image and a malicious pickle payload to achieve RCE.

A writeup for EPFL CS412’s HEAP-MEANU challenge involving heap exploitation through one-byte overflow and constrained brute-force reading. Despite full protections and modern libc 2.39, achieved RCE using a House of Spirits like attack.