Spraying the kernel heap for fun, profit and filling up holes.

modprobe_path overwrite exploit after kernel commit fa1bdca98d74472dcdb79cb948b54f63b5886c04. trigger modprobe using struct sockaddr_alg.

First ever kernel pwn!

Using strlen on binary data is the definition of insanity.

Limited inital ropchain => pivot stack to bss for unlimited control.

First time solving a race condition / shared memory CTF challenge.

CTF Conducted by team Iced Tea.

Placed top 19, solved 5/7 pwn challenges, and one really good web challenge.