Summer Pwnables: lz1 Solution

TL;DR 🚀 We’re turning a simple compression library into a shell delivery service! This writeup exploits a buffer overflow in lz1/lz77 decompression by crafting malicious compressed data that overflows the stack and chains ROP gadgets for code execution. Ever wondered how a simple file compression tool could hand you the keys to a system? Well, buckle up because we’re about to turn andyherbert’s innocent lz1 compressor into our personal shell delivery service!...

September 15, 2025 · 8 min · Zafir Rasyidi Taufik

Summer Pwnables: Temporal Paradox Engine Solution

Last month, Jacob asked me to create a CTF challenge for the Summer Pwnables event. I went with a kernel pwnable since my goal was to teach students some more advanced Linux kernel exploitation techniques - something that wouldn’t get solved in a day (and hopefully not by AI either). After building both the challenge and solution, I figured students should be able to crack it within 3-7 days. Turns out I was right about the timeline, but only one person actually solved it....

September 15, 2025 · 13 min · Muhammad Alifa Ramdhan

Lost in Translation: Apache Vulnerabilities That Don't Count (Literally)

During our security research in 2024, we discovered several vulnerabilities in Apache Foundation projects that seem to have gotten ‘lost in translation’ between our bug reports and the CVE assignment process. While we’ve been patiently waiting for these findings to officially ‘count,’ they’ve apparently been stuck longer than a software update on a Friday afternoon. Almost a year went by without any CVEs assigned, and we completely forgot about them until now....

September 11, 2025 · 9 min · Li Jiantao (@CurseRed)

[Updates] Summer Pwnables 🔥

[Updates] Summer Pwnables 2025. Major Announcement: ISD Sponsorship. We are pleased to announce that the Internal Security Department (ISD) is sponsoring Summer Pwnables Challenge #0002 Challenge #003. Distribution Rule: Challenge #002 and #003 are meant for Singaporean students. Each Singaporean student can only win once across all challenges to ensure broader community recognition. However, they can still submit their solutions in order to win the new “Grand Prize”. Prizes are still $100 SGD + the “From Day Zero to Zero Day” book written by Eugene “Spaceraccoon” Lim for the first five solvers....

August 18, 2025 · 2 min · STAR Labs SG

Summer Pwnables: When the Heat Rises, So Do the C-Shells 🔥

🌴☀️ SUMMER PWNABLES 2025 ☀️🌴 The hottest hacking challenge on this side of Southeast Asia! Think you can handle the heat? Time to prove your l33t skills are more than just talk! 😎🔥 The summer sun isn’t the only thing burning bright – we have cooked up some seriously spicy challenges that will test whether you are a true shell wizard! 🧙‍♂️✨ 📍 ELIGIBILITY REQUIREMENTS This challenge is exclusively open to Singapore-based students only!...

August 12, 2025 · 3 min · STAR Labs SG

My `Blind Date` with CVE-2025-29824

In April 2025, Microsoft patched a vulnerability that had become a key component in sophisticated ransomware attack chains. CVE-2025-29824, a use-after-free bug in the Windows Common Log File System (CLFS) driver, wasn’t the initial entry point for attackers. Instead, threat actors first compromised Cisco ASA firewalls, then used this Windows kernel vulnerability as the crucial privilege escalation step that transformed limited network access into complete system domination. This multi-stage approach represents the evolution of modern ransomware operations: sophisticated threat actors chaining together network infrastructure vulnerabilities with Windows kernel bugs to devastating effect....

July 16, 2025 · 10 min · Ong How Chong

Fooling the Sandbox: A Chrome-atic Escape

For my internship, I was tasked by my mentor Le Qi to analyze CVE-2024-30088, a double-fetch race condition bug in the Windows Kernel Image ntoskrnl.exe. A public POC demonstrating EoP from Medium Integrity Level to SYSTEM is available on GitHub here. Additionally, I was challenged (more like forced 💀) to chain the exploit to escape the Chrome Renderer Sandbox, achieving EoP from Untrusted Integrity Level to SYSTEM. Easy, right? 🤡...

July 10, 2025 · 11 min · Vincent Yeo (@goatmilkkk)