BSidesSF 2026: rugdoctor - a broken JIT compiler pwn challenge
This is a write-up for rugdoctor, which is a JIT compiler with a 16-bit integer overflow. The integer overflow allows you to jump to the middle of other instructions, to run small bits of code in between other instructions. As always, you can find copies of the binaries, containers, and full solution in our GitHub repo!
BSidesSF 2026: read(write(call))me - progressive pwn challenges
This is a write-up for three “pwn” challenges - readwritecallme, readwriteme, readme. They’re all pretty straight forward, and designed to teach a specific exploit type: how to exploit an arbitrary memory write. All three challenges let you read arbitrary memory, and the first two additionally let you write to arbitrary memory. The final one (readme) only lets you read memory, but it has a buffer overflow that lets you take control. Technically, all three can be solved with the readme solution, but I’ll go over my intended solutions for all three, since I think it’s helpful. As always, you can find copies of the binaries, containers, and full solution in our GitHub repo!
BSidesSF 2026: nameme - a DNS-based pwn challenge
This is a challenge I’ve been considering making forever. It’s possible I’ve already made it, even, it’s one of those things that appeals to my brain! As always, you can find copies of the binaries, containers, and full solution in our GitHub repo!
BSidesSF 2026: miscellaneous challenges (if-it-leads, gitfab, jengacrypt)
This will be a write-up for the three shorter / more miscellaneous challenges I wrote: if-it-leads gitfab jengacrypt As always, you can find copies of the binaries, containers, and full solution in our GitHub repo!
New #security #blog post on #SkullSecurity by @iagox86: BSidesSF 2025: Miscellaneous challenges, filed under #bsidessf-2025, #ctfs
https://www.skullsecurity.org/2025/bsidessf-2025-miscellaneous-challenges
(Replies here will show up on the blog post)
BSidesSF 2025: Miscellaneous challenges
In this post, I’m going to do write-ups for a few challenges that don’t really meaningfully categorize. As usual, you can find the code and complete solutions on our GitHub repo!
New #security #blog post on #SkullSecurity by @iagox86: BSidesSF 2025: bug-me (hard reversing challenge), filed under #bsidessf-2025, #ctfs
https://www.skullsecurity.org/2025/bsidessf-2025-bug-me-hard-reversing-challenge-
(Replies here will show up on the blog post)
BSidesSF 2025: bug-me (hard reversing challenge)
Every year, I make a list of ideas and it contains the same thing: “process that debugs itself”. It’s from a half-remembered Windows challenge I solved when I was very new to CTFs. I’m obsessed with that concept, having messed with writing debuggers a few times (including Mandrake), and blogging about process injection. You’ll find a few challenges influenced by that those concepts thie yar, but this time we’re gonna look at bug-me. You can download source and the challenge (including solution) here.
New #security #blog post on #SkullSecurity by @iagox86: BSidesSF 2025: accan and drago-daction: pwn your own memory, filed under #bsidessf-2025, #ctfs
https://www.skullsecurity.org/2025/bsidessf-2025-accan-and-drago-daction-pwn-your-own-memory
(Replies here will show up on the blog post)
BSidesSF 2025: accan and drago-daction: pwn your own memory
If you read my bug-me write-up or my Linux process injection blog, you may be under the impression that I’ve been obsessed with the ability of Linux processes to write to their own memory. These challenges are no exception! You can download source and the challenge (including solutions) here (acaan) and here (drago-daction).
New #security #blog post on #SkullSecurity by @iagox86: BSidesSF 2025: Miscellaneous challenges, filed under #bsidessf-2025, #ctfs
https://www.skullsecurity.org/2025/bsidessf-2025-miscellaneous-challenges
(Replies here will show up on the blog post)
BSidesSF 2025: Miscellaneous challenges
In this post, I’m going to do write-ups for a few challenges that don’t really meaningfully categorize. As usual, you can find the code and complete solutions on our GitHub repo!
New #security #blog post on #SkullSecurity by @iagox86: goto-zero: An extended intro to solving stack overflow CTF challenges, filed under #ctfs
https://www.skullsecurity.org/2024/goto-zero-a-fake-ctf-challenge-to-show-off-something
(Replies here will show up on the blog post)
goto-zero: An extended intro to solving stack overflow CTF challenges
Hey all! My husband’s company recently did an internal (commercial) CTF, and as a CTF nerd I got suckered into helping him. I thought one of the challenges had a pretty interesting solution - at least, something I hadn’t done before - and I thought I’d do a little write-up! Because it’s a commercial CTF, I wrote my own vulnerability binary, which you can grab here. It’s much, much simpler, but has all the components I wanted. They also provided libc.so, but since I’m not actually running the challenge, you can just use your own copy. (Note that I’m running the BSidesSF CTF again this spring, and will probably gussy up this challenge a bit and throw it in - don’t let a good challenge go unwasted!)
New #security #blog post on #SkullSecurity by @iagox86: BSidesSF 2024 Writeups: Turing Complete (Reversing / exploitation), filed under #bsidessf-2024, #ctfs
https://www.skullsecurity.org/2024/bsidessf-2024-writeups-turing-complete-reversing-exploitation-
(Replies here will show up on the blog post)
BSidesSF 2024 Writeups: Turing Complete (Reversing / exploitation)
This is a write-up for turing-complete, turing-incomplete, and turing-incomplete64 from the BSides San Francisco 2024 CTF! turing-complete is a 101-level reversing challenge, and turing-incomplete is a much more difficult exploitation challenge with a very similar structure. turing-incomplete64 is a 64-bit version of turing-incomplete, which isn’t necessarily harder, but is different. Let’s look at the levels!
