This post goes through the steps in solving the challenge "OhMyRe!" from the Q4 mini-CTF (2024). A detailed walkthrough of the main SMT problem related to the program is shown, and a solution using Z3 is presented shortly after.
That time I presented a personal RE and vulnerability research project related to an old FPV drone I bought years ago. After RE-ing the old mobile app and it's native libraries, I ended up understanding the custom network protocol that was used for controlling and sending drone commands. This led me to find a buffer-overflow inside a recv function wrapper that handled commands sent over the custom protocol. The impact consisted in remote DoS, hijacking flow of execution and RCE.
Old post from when I tried to understand more about the motives, benefits and how's behind the IQA subdomain defacement for UTFSM (2021), using only OSINT techniques and freely available tools.
Old post from a CTF challenge. I reverse engineer a custom network protocol that's over TCP (Application Layer) from a PCAP file in order to create a client program that interacts with a custom-made server.
