Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
Page Not Found
Page not found. Your pixels are in another canvas.
Woosun Song's webpage
About me
Page not in menu
This is a page not in th emain menu
Posts
The Plight of TTY in the Linux Kernel
Published:
Introduction
I solved a bunch of pwnable tasks from zer0pts CTF 2020. Despite the fact that one person wrote most of the challenges in diverse categories (I think that’s really admirable) the quality of tasks was impressive. I hope the organizers get a chance to do it next year too.
Exploiting a type confusion bug in radare2’s pyc plugin
Published:
Introduction
Recently I got the change to author 2 challenges for CodegateCTF 2020 quals. I wrote two pwnable tasks, babyllvm and marshal. The second one, marshal was released 12 hours before the end and therefore didn’t get any solves, despite the fact that it isn’t that difficult. On the other hand babyllvm was released at the start of the CTF and was solved by PPP in just 2 hours, which is very impressive (but expected, it’s PPP…) I’m going to describe how I thought of the idea for this challenge in this post. If you want to go straight to the exploit, go straight to the end.
Balsn CTF 2019 - KrazyNote
Published:
I solved a challenge called KrazyNote on Balsn CTF 2019. As expected, Balsn CTF was extremely hard, and the pwnable challenge with the most solves was KrazyNote. It had about 10 solves, which is quite a lot but I learned a lot of important stuff through this challenge so I decided to publish a write-up for it.
DEFCON CTF 27 Review
Published:
pre CTF (2019.8.7-8)
Our team. KaisHackGoN was qualified to the DEFCON CTF 27 Finals. We arrived about a day early by reserving a room for an extra day at planet hollywood hotel. The first day due to the flight we were all in bad condition. We had our meal at Gordon Ramsay burger and went to sleep early.
Setting up gdb for MIPS pwnables
Published:
This week, I decided to solve a challenge on pwnable.kr called mipstake. It is a simple mips userspace pwnable, but since I did not have any MIPS device I went through some painful processes during the debugging environment setup. In this post, I will be introducing the usage of qemu-system-mips to emulate MIPS userspace binaries and debug them using GDBserver.
portfolio
publications
HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators
Published in CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 2021
HardsHeap
Recommended citation: Insu Yun, Woosun Song, Seunggi Min, and Taesoo Kim. 2021. HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21). Association for Computing Machinery, New York, NY, USA, 379–392. https://doi.org/10.1145/3460120.3484740 http://pr0cf5.github.io/files/2021-hardsheap.pdf