Chien Nguyen

A growing collection of reverse engineering and binary exploitation writeups across ImaginaryCTF, Midnight Flag, K17, BITS, Osu, tkb and others.

Full-stack geospatial platform scoring business opportunity for Singapore's hawker centres. Built for SC2006 with Vite/React, FastAPI, PostGIS-style data and an AI assistant layer.

Network forensic analysis platform that turns large PCAP batches into deterministic evidence, per-file reports, enrichment results, and campaign-level ransomware investigation summaries.

Remote workflow guide for using Codex CLI from Android through Termux, Tailscale, SSH, and tmux while keeping code execution on an Ubuntu machine.

Native Android NDK tamper / hook detection sample. Computes a checksum of the loaded ELF .text segment and verifies integrity at runtime.

A small home-network scanner that fingerprints devices, diffs against a baseline, scores risk, and can emit a PDF report of changes over time.

Signed-length bug on glibc 2.39 turns into a heap primitive. Safe-linking leak, unsorted-bin libc leak, tcache poisoning through an XOR cipher, and a forged exit handler chain.

Stored XSS → localhost admin → heap underflow in a native canvas manager → libc leak → arbitrary R/W → libc ROP → flag. A full web-to-pwn chain.

7 (87% liked) 1 Go back in time maybe a decade or so, And play Geoguessr from a world you may or may not know.

category: reversing (with a light pwn twist)

Return oriented programming is one of the paradigms of all time. The garbled output is `94 7 d4 64 7 54 63 24 ad 98 45 72 35`

Binary: abnormaleak (ELF 64-bit, x86-64, dynamically linked, not stripped)