jekyll site

.gitignore

@@ -1 +1,5 @@
-github_token
+_site
+.sass-cache
+.jekyll-cache
+.jekyll-metadata
+vendor

404.html

@@ -0,0 +1,25 @@
+---
+permalink: /404.html
+layout: default
+---
+
+<style type="text/css" media="screen">
+  .container {
+    margin: 10px auto;
+    max-width: 600px;
+    text-align: center;
+  }
+  h1 {
+    margin: 30px 0;
+    font-size: 4em;
+    line-height: 1;
+    letter-spacing: -1px;
+  }
+</style>
+
+<div class="container">
+  <h1>404</h1>
+
+  <p><strong>Page not found :(</strong></p>
+  <p>The requested page could not be found.</p>
+</div>

Gemfile

@@ -0,0 +1,33 @@
+source "https://rubygems.org"
+# Hello! This is where you manage which Jekyll version is used to run.
+# When you want to use a different version, change it below, save the
+# file and run `bundle install`. Run Jekyll with `bundle exec`, like so:
+#
+#     bundle exec jekyll serve
+#
+# This will help ensure the proper Jekyll version is running.
+# Happy Jekylling!
+gem "jekyll", "~> 4.3.3"
+# This is the default theme for new Jekyll sites. You may change this to anything you like.
+gem "minima", "~> 2.5"
+# If you want to use GitHub Pages, remove the "gem "jekyll"" above and
+# uncomment the line below. To upgrade, run `bundle update github-pages`.
+# gem "github-pages", group: :jekyll_plugins
+# If you have any plugins, put them here!
+group :jekyll_plugins do
+  gem "jekyll-feed", "~> 0.12"
+end
+
+# Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem
+# and associated library.
+platforms :mingw, :x64_mingw, :mswin, :jruby do
+  gem "tzinfo", ">= 1", "< 3"
+  gem "tzinfo-data"
+end
+
+# Performance-booster for watching directories on Windows
+gem "wdm", "~> 0.1.1", :platforms => [:mingw, :x64_mingw, :mswin]
+
+# Lock `http_parser.rb` gem to `v0.6.x` on JRuby builds since newer versions of the gem
+# do not have a Java counterpart.
+gem "http_parser.rb", "~> 0.6.0", :platforms => [:jruby]

Gemfile.lock

@@ -0,0 +1,86 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
+    colorator (1.1.0)
+    concurrent-ruby (1.2.3)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    eventmachine (1.2.7)
+    ffi (1.16.3)
+    forwardable-extended (2.6.0)
+    google-protobuf (3.25.2-x86_64-linux)
+    http_parser.rb (0.8.0)
+    i18n (1.14.1)
+      concurrent-ruby (~> 1.0)
+    jekyll (4.3.3)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 1.0)
+      jekyll-sass-converter (>= 2.0, < 4.0)
+      jekyll-watch (~> 2.0)
+      kramdown (~> 2.3, >= 2.3.1)
+      kramdown-parser-gfm (~> 1.0)
+      liquid (~> 4.0)
+      mercenary (>= 0.3.6, < 0.5)
+      pathutil (~> 0.9)
+      rouge (>= 3.0, < 5.0)
+      safe_yaml (~> 1.0)
+      terminal-table (>= 1.8, < 4.0)
+      webrick (~> 1.7)
+    jekyll-feed (0.17.0)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-sass-converter (3.0.0)
+      sass-embedded (~> 1.54)
+    jekyll-seo-tag (2.8.0)
+      jekyll (>= 3.8, < 5.0)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    liquid (4.0.4)
+    listen (3.8.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    mercenary (0.4.0)
+    minima (2.5.1)
+      jekyll (>= 3.5, < 5.0)
+      jekyll-feed (~> 0.9)
+      jekyll-seo-tag (~> 2.1)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (5.0.4)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    rexml (3.2.6)
+    rouge (3.30.0)
+    safe_yaml (1.0.5)
+    sass-embedded (1.69.5)
+      google-protobuf (~> 3.23)
+      rake (>= 13.0.0)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    unicode-display_width (2.5.0)
+    webrick (1.7.0)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  http_parser.rb (~> 0.6.0)
+  jekyll (~> 4.3.3)
+  jekyll-feed (~> 0.12)
+  minima (~> 2.5)
+  tzinfo (>= 1, < 3)
+  tzinfo-data
+  wdm (~> 0.1.1)
+
+BUNDLED WITH
+   2.5.5

_config.yml

@@ -0,0 +1,52 @@
+# Welcome to Jekyll!
+#
+# This config file is meant for settings that affect your whole blog, values
+# which you are expected to set up once and rarely edit after that. If you find
+# yourself editing this file very often, consider using Jekyll's data files
+# feature for the data you need to update frequently.
+#
+# For technical reasons, this file is *NOT* reloaded automatically when you use
+# 'bundle exec jekyll serve'. If you change this file, please restart the server process.
+#
+# If you need help with YAML syntax, here are some quick references for you:
+# https://learn-the-web.algonquindesign.ca/topics/markdown-yaml-cheat-sheet/#yaml
+# https://learnxinyminutes.com/docs/yaml/
+#
+# Site settings
+# These are used to personalize your new site. If you look in the HTML files,
+# you will see them accessed via {{ site.title }}, {{ site.email }}, and so on.
+# You can create any custom variable you would like, and they will be accessible
+# in the templates via {{ site.myvariable }}.
+
+title: Cybersecurity Challenges Writeups
+email: [email protected]
+description: >- # this means to ignore newlines until "baseurl:"
+  Writeups for the Offensive and Defensive Cybersecurity course challenges at Politecnico di Milano.
+baseurl: "" # the subpath of your site, e.g. /blog
+url: "" # the base hostname & protocol for your site, e.g. http://example.com
+github_username:  gio-del
+relative_permalinks: false
+# Build settings
+theme: minima
+plugins:
+  - jekyll-feed
+
+# Exclude from processing.
+# The following items will not be processed, by default.
+# Any item listed under the `exclude:` key here will be automatically added to
+# the internal "default list".
+#
+# Excluded items can be processed by explicitly listing the directories or
+# their entries' file path in the `include:` list.
+#
+# exclude:
+#   - .sass-cache/
+#   - .jekyll-cache/
+#   - gemfiles/
+#   - Gemfile
+#   - Gemfile.lock
+#   - node_modules/
+#   - vendor/bundle/
+#   - vendor/cache/
+#   - vendor/gems/
+#   - vendor/ruby/

about.markdown

@@ -0,0 +1,18 @@
+---
+layout: page
+title: About
+permalink: /about/
+---
+
+This is the base Jekyll theme. You can find out more info about customizing your Jekyll theme, as well as basic Jekyll usage documentation at [jekyllrb.com](https://jekyllrb.com/)
+
+You can find the source code for Minima at GitHub:
+[jekyll][jekyll-organization] /
+[minima](https://github.com/jekyll/minima)
+
+You can find the source code for Jekyll at GitHub:
+[jekyll][jekyll-organization] /
+[jekyll](https://github.com/jekyll/jekyll)
+
+
+[jekyll-organization]: https://github.com/jekyll

challenges/heap/fastbin_attack/index.md

@@ -0,0 +1,16 @@
+---
+title: Heap Challenges
+layout: home
+---
+
+# fastbin_attack
+
+With Ghidra a little decompilation and creating struct to better understand the code.
+Then the vulnerabilities are:
+
+- We can double free, in fact into the free function there is no check on the freed field
+- We can read after free, useful to leak stuff
+
+{% highlight python %}
+{% include_relative script.py %}
+{% endhighlight %}

heap/README.md → challenges/heap/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # Heap Exploration
 
 This set of challenges is about Heap Exploration. The goal is to understand how the heap works and how to exploit it.

mitigations/aslr/README.md → challenges/mitigations/aslr/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # aslr
 
 ## Description

mitigations/gonna_leak/README.md → challenges/mitigations/gonna_leak/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # gonna_leak
 
 ## Description

mitigations/README.md → challenges/mitigations/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # Mitigation Bypass
 
 This set of challenges is about Mitigation Bypass. The goal is to bypass a set of mitigations (ASLR, PIE, canaries, PTR protections, etc.) to exploit a vulnerable binary.

mitigations/leakers/README.md → challenges/mitigations/leakers/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # leakers
 
 ## Description

mitigations/ptr_protection/README.md → challenges/mitigations/ptr_protection/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # ptr_protection
 
 ## Description

packing/README.md → challenges/packing/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # Packing and Code Obfuscation
 
 This set of challenges is about packers. The goal is to understand how the packing routine works and once unpacked, how to reverse engineer the unpacked binary.

race/aart/README.md → challenges/race/aart/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # aart
 
 ## Description

race/discount/README.md → challenges/race/discount/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # discount
 
 ## Description

race/README.md → challenges/race/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # Race Condition
 
 This set of challenges is about race condition.

race/metarace/README.md → challenges/race/metarace/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # metarace
 
 ## Description

race/pybook/README.md → challenges/race/pybook/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # pybook
 
 ## Description

reversing/crackme/README.md → challenges/reversing/crackme/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # crackme
 
 This challenge is a simple crackme that asks for a flag and checks if it is correct.

reversing/README.md → challenges/reversing/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # Reverse Engineering
 
 This set of challenges is about reverse engineering. The goal is to understand the logic of a binary and find a flag or a key.

reversing/keycheck_baby/README.md → challenges/reversing/keycheck_baby/index.md

@@ -1,3 +1,8 @@
+---
+title: Heap Challenges
+layout: home
+---
+
 # keycheck_baby
 
 ## Disassembly and decompilation