0poss's Blog


How to reverse a metamorphic windows kernel driver statically - HITCON22 Checker

# CTF # reverse-engineering
This article isn’t particularly technical, I just wanted to show how I reverse-engineered this challenge fully statically using Binary Ninja. The write-up is on the blog of the team I did the CTF with : Hexagon (beware of the brutal color theme change).

Overkilling a heap exploit with FSOP - FCSC2021 Cheapie

# CTF # pwn
Cheapie (pwn - 198 pts) Êtes-vous familier avec le tas ? Yay a heap challenge ! Setup The given libc didn’t have any symbols and no loader was provided, so I ran pwninit to retrieve a libc with symbols and a loader. Which I didn’t realise until me writing this, is that pwninit gave me a different libc, that changed the final part of the exploit : getting a shell ! Read more...

Maze running with Angr - MidnightSun2021 Labyrevnt

# CTF # reverse-engineering
I used the proximity browser in IDA with the “Add node -> Find path” feature to get the path between the main and walk_end function. Once all the function names in the path where dumped, in the same order as in IDA, inside functions.txt, you just have to tell angr to discard, avoid, every state wherein the callstack is different from the path linking main and walk_end. from IPython import embed import angr p = angr. Read more...
1 of 1


Obfuscation : expressions mixtes arithmético-booléennes

Nocturnes ESN'HACK 2023

A talk on mixed boolean arithmetic (MBA) obfuscation I gave at an event organized by the ESN'HACK association. In this talk, I go through the very basics of MBA obfuscation, demonstrate some techniques, and briefly talk about state-of-the-art tools for deobfuscation.

french slides