Every InnoCTF writeup in one place. Practitioner-grade capture-the-flag walkthroughs and threat analysis across web exploitation, binary exploitation, and forensics. Reproducible methods, cited sources, no hand-waving.
AutoJack turns a browsing AI agent into a path to host code execution. The reusable bug class is a local service that trusts any caller on the loopback interface.
From confirming an injectable parameter to UNION and blind extraction, then working past the filters challenge authors like to add.
Reusing the binary's own code, gadget by gadget, to call execve when the stack is non-executable. Full reproduction.
Triage a memory image with Volatility 3, flag a private RWX region, and carve the injected implant for analysis.
AutoJack, FortiBleed, and SocGholish read together: the layer you trust to protect a system is now the way in.