tl;dr

• UAF in chess game, overwrite __malloc_hook to one_gadget

tl;dr

• Abusing a stack overflow on a RISC-V binary to then return to shellcode.

tl;dr

• Buffer overflow in AArch64
• Bypass pointer authentication to leak libc and get shell

tl;dr

• Overflow from stdin stucture till main_arena.
• Create fake fastbin chunks to get overlapping chunk and leak.
• Overwrite __malloc_hook using fastbin attack.

tl;dr

• overflow the char candle counter stored in the wax structure and trigger uaf.
• Use the uaf to trigger double free and get shell.

tl;dr

• Leak with Format String bug.
• Use the arbitrary heap pointer write to overwrite __GI__IO_file_jumps.
• Inject shellode in heap and get code execution in dfprintf.

tl;dr

• Out-of bounds index write allows byte-by-byte overwrite of return address

tl;dr

• Carefully arranging structs on stack so as to overwrite saved rip , without corrupting the stack canary.
• Leak libc with puts and execute a ret2libc to get shell

tl;dr

• Overwrite mmap_threshold with null and trim top chunk size.
• Null out last 2 bytes of stdin’s _IO_buf_base and brute force to get allocation on stdin.
• Overwrite one of the jump tables with win function to get shell.

tl;dr

• Execute shellcode on parent and write to child’s memory using /proc/<pid of child>/mem
• Overwrite return address of child with execve shellcode and pop shell.