Exploiting a QuickJS-ng fast-array bug to expose stale JSValues, corrupt the global property table, and call std.loadFile
Turning a missing pyjnius type check into Java object confusion, native memory access, and code execution through a forged PyObject
Combining malloc-failure undefined behavior and signedness bugs to obtain NULL-based absolute memory access and code execution
DefCamp D-CTF Final
Hiding a syscall opcode inside an immediate and jumping into the instruction midpoint to bypass Capstone-based shellcode filtering