rivers.sh

  • Home
  • Blog
  • Categories
  • Tags
  • Search
  • 2026

  • 2026-01-28
    ROP Emporium: callme

    Chaining PLT calls with a multi-argument ROP gadget to invoke three functions in sequence

  • 2026-01-27
    ROP Emporium: split

    Building a ROP chain to call system() with a custom string argument

  • 2026-01-25
    ROP Emporium: ret2win

    Classic buffer overflow exploiting a vulnerable read() to redirect execution to a win function

  • 2025

  • 2025-12-09
    wordpress xml-rpc vulnerability on a gov't contractor

    wordpress & its subsequent dangers

  • 2025-07-18
    untitled01

    FRIENDS ONLY

  • 2025-05-02
    picoCTF: Binary Instrumentation II

    Intercepting & monitoring Windows API calls to find a flag in a hidden buffer

  • 2025-05-01
    PicoCTF: Binary Instrumentation I

    Bypassing sleep functions using Frida

  • 2025-04-23
    picoCTF: FactCheck

    Reversing decompiled C++ code to extract a flag by tracing string manipulation logic

  • 2025-04-22
    PicoCTF: WinAntiDbg0x300

    Bypassing an infinite debugger-killing loop by NOP'ing an unconditional jump

  • 2025-04-03
    picoCTF: WinAntiDbg0x200

    Further bypassing anti-debugging checks by editing register values

Page 2 of 4
Copyright © 2024-2026 river
  • Home
  • Blog
  • Categories
  • Tags
  • Search