n132 (@n132xxx)'s Twitter Profile
n132

@n132xxx

wooooo, PPPPwn github.com/n132

ID: 867614915464355841

25-05-2017 05:34:50

43 Tweets

260 Followers

309 Following

n132 (@n132xxx):

ROP on GOT! We noticed there is a mitigation for the latest versions to avoid attackers using glibc GOT easily. However, the GOT in libc is still writable, hence swing and I designed another method to achieve RCE with one Arbitrary Write: github.com/n132/Libc-GOT-…

n132 (@n132xxx):

Played Dice CTF with Shellphish this weekend. CTF is always an efficient way to learn little skills. Now I know more about one_gadget (learned from zolutal!). Write-up for challenges I played: github.com/n132/CTF-Write…

n132 (@n132xxx):

Now people can't guess the heap base address easily. The original vulnerability: If we can leak the PIE we can brute force the heap base and we can even overflow from BSS to the heap. github.com/n132/BeapOverf… It's also the first time I reported a Linux kernel vulnerability!

Brendan Dolan-Gavitt (@moyix):

Our paper on ARVO, a huge (5000+) dataset of reproducible (w/PoC), recompilable vulns in open-source C/C++ projects is now up on arXiv! Awesome work by n132, X3eRo0, Jordi Del Castillo, Haoran Xi, Abdelouahab Benchikh, & profs from NYU/ASU/UNSW arxiv.org/abs/2408.02153

Brendan Dolan-Gavitt (@moyix):

n132 X3eRo0 Thanks to n132, there is now also a repo with JSON metadata for each vulnerability and the patch identified by ARVO as fixing the vulnerability! github.com/n132/ARVO-Meta/

n132 (@n132xxx):

I didn't try many C++ pwn but found it easier to gain RCE (after arbitrary writing) on a C++ binary: The libstdc++ is still partial RELRO, meaning we can hijack its GOT.

Brendan Dolan-Gavitt (@moyix):

The code for building and updating the ARVO dataset, a collection of over 5000 memory safety vulnerabilities in open source software, is now open source! Link in reply :)

Hex-Rays SA (@hexrayssa):

We are thrilled to announce our first group of sponsored CTF Teams!

Top-Tier Teams
💎 justCatTheFish
💎 Kalmarunionen
💎 r3kapig

Rising Star Team
🌟 PwnSec

Learn more about our partnership and the teams here: hex-rays.com/blog/2025-spon…
