AIS3 2025 - 助教 & KoH 心得
2025-08-04 3.7k words 15 mins

AIS3 2025 - 助教 & KoH 心得

AIS3 2025 - 助教 & KoH 出題心得 Author: 堇姬Naup 目前已經 open source 了 KoH,各位可以載下來玩https://github.com/Naupjjin/2025-AIS3-KoH AD & KoH 直播https://www.youtube.com/watch?v=y3PbmYq9bcQhttps://www.youtube.com/live/nNU9_lUObsMhttps://www.youtube.com/live/vXpJXz2uPZA 起源這次是擔任 CTF 組 (進階資安攻防競技) 的助教,那時候時間是 7&#x2F
Linux Kernel - Page Table - Virtual address to physical address
2025-07-24 1.3k words 6 mins

Linux Kernel - Page Table - Virtual address to physical address

Page Table - Virtual address to physical address Author: 堇姬Naup 前言把之前寫到一半的完善好了,丟上來https://hackmd.io/@naup96321/H1gx5xJDle qemu monitorhttps://qemu-project.gitlab.io/qemu/system/monitor.html可以用他來讀寫物理記憶體或是做很多事情把 Qemu 加上 -monitor unix:/tmp/qemu-monitor.sock,server,nowait 後 load 這支https://github.co
2025-downunderCTF-writeup
2025-07-20 1.1k words 6 mins

2025-downunderCTF-writeup

2025 DownUnder CTF - Writeup Author: 堇姬 NaupCTFteam: Squid Proxy LoversRank: 8th 前言I was quite busy during this competition, so I only solved two challenges (I’ll just write more interesting one challenge — It is kernel pwn). This was also my first time playing a CTF together with SPL. It looks s
2025 CryptoCTF - writeup
2025-07-20 27 words 1 min

2025 CryptoCTF - writeup

2025 Crypto CTF - writeup Author : 堇姬 NaupTeam: NullCipherRank: All 23rd & Taiwan 2nd Writeup 可以直接看這裡https://hackmd.io/@naup96321/Hk7XLVf8le
2025 Google CTF - writeup
2025-07-05 3k words 16 mins

2025 Google CTF - writeup

GoogleCTF 2025 - writeup Author: 堇姬 Naup Pwnmulti-arch 2一題 VM pwn第一題是 Reverse 第二題是 pwn這份 writeup 只有寫 pwn analyze IDA沒有 debug symbol,所以要修這台 VM 自定義了一個 masm 的檔案格式整個 masm 檔案格式就是 4 bytes MASM 作為 magic number 被 load 進去後共有 3 個 segments,code、data、stack 檔案 header 有三段,分別是 code、data、arch_table 每段的 heade
Linux Kernel Patched - exec remove legacy custom binfmt modules autoloading
2025-06-30 2k words 10 mins

Linux Kernel Patched - exec remove legacy custom binfmt modules autoloading

Linux Kernel Patched - exec: remove legacy custom binfmt modules autoloading Author : 堇姬 Naup Patchedhttps://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa1bdca98d74472dcdb79cb948b54f63b5886c04 搜尋執行檔處理器(binary handler)的邏輯中,包含了遺留下來的舊程式碼,用來在系統遇到不支援的執行檔格式時,自動載入對應的核心模組。這段邏
2025 AIS3 pre-exam & My First CTF - official writeup
2025-05-31 5.6k words 28 mins

2025 AIS3 pre-exam & My First CTF - official writeup

2025 AIS3 pre-exam & My First CTF official writeup Author: 堇姬Naup 前言這次在 AIS3 出了 4 題,分別是 1 web、1 misc、2 pwn分別是 Tomorin db 🐧 (web, 282/473 solve) ♖ PyWars ♖ (Misc, 1/473 solve) MyGO schedule manager α (Pwn, 12/473 solve) MyGO schedule manager β (Pwn, 0/473 solve) source cod
alpacahack round 11 web - Jackpot & Tiny Note
2025-05-30 1.6k words 8 mins

alpacahack round 11 web - Jackpot & Tiny Note

alpacahack round 11 web - Jackpot & Tiny Note Author : 堇姬 Naup 前言那天在忙,只打了第一題,這篇順便補另外一題 (窩不會 XSS) Jackpot12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758from flask import Flask, request, render_template, jsonifyfrom werkzeug.exceptions i
Page Fault handle on userspace - Userfaultfd
2025-05-22 1.6k words 8 mins

Page Fault handle on userspace - Userfaultfd

Page Fault handle on userspace - Userfaultfd Author : 堇姬 Naup What is userfaultfduserfaultfd 是一種 syscall (syscall table rax = 388)user 可以去自訂 user pagefault handler 來去處理 userspace 的缺頁異常 (https://zh.wikipedia.org/wiki/%E9%A1%B5%E7%BC%BA%E5%A4%B1) https://chromium.googlesource.com/chromiumos/docs
2025 TRX CTF - /dev/mem - part 2
2025-05-19 1.5k words 7 mins

2025 TRX CTF - /dev/mem - part 2

2025 TRX CTF - /dev/mem - part 2 Author : 堇姬 Naup 前言繼承上一篇https://naupjjin.github.io/2025/04/11/Linux-Kernel-2025-TRX-CTF-devmem/ 這邊來講講另一個思想 analyze這次主要針對 /usr/sbin/chall,先放一下他的保護機制,沒有開 PIE並且他是 static linking 再來去檢查這個 binary 發現他有 SUID 12~ # ls -l /usr/sbin/chall-rwsr-x--x