#heap
6 writeups
heapn⊕te-ic
Midnight Flag CTF 2026 · 2026 · Mar 15, 2026
Signed-length bug on glibc 2.39 turns into a heap primitive. Safe-linking leak, unsorted-bin libc leak, tcache poisoning through an XOR cipher, and a forged exit handler chain.
#heap #glibc-2.39 #tcache #safe-linking
hard Canvas of Fear
Midnight Flag CTF 2026 · 2026 · Mar 15, 2026
Stored XSS → localhost admin → heap underflow in a native canvas manager → libc leak → arbitrary R/W → libc ROP → flag. A full web-to-pwn chain.
#xss #heap #glibc-2.34 #ROP
hard Midnight Relay - BITSCTF Pwn Writeup
BITS CTF · 2025
---
#pwn #rop #heap #crypto
SilentOracle (rev/pwn) — Timing Side-Channel (fail-slow) Attack
Neurogrid CTF · 2025
**Flag:** `HTB{Tim1ng_z@_h0ll0w_t3ll5}`
#rev #heap #pwntools
priority-queue writeup
B01lersctf · 2025
Source first:
#pwn #heap
spelling-bee writeup
B01lersctf · 2025
The bug is a use-after-free in the Forth dictionary.
#pwn #heap