Making something akin to awesome-mobile-ctf but for Windows to curate a list of Windows CTF problems.
Learning Resources
Pwnables
See Xion’s WinPwn resources for more references on Windows exploitation.
Name | Competition | Writeups | Topics |
---|---|---|---|
Insobug | Insomni’hack 2023 Teaser | Userland | |
BFS Ekoparty 2022 | Ekoparty 2022 | Userland | |
OpenDoor | Hack the Box Business CTF 2022 | Kernel | |
MiniFilter | ECW2022 | Minifilter Driver | |
PwnME | INTENT CTF 2022 | ||
A..Mazing.exe | SSTIC 2021 Challenge |
|
|
pe_analysis (Description) | Pwn2Win CTF 2021 |
|
|
Archangel Michael’s Storage | HITCON CTF 2020 |
|
|
Lucifer | HITCON CTF 2020 |
|
|
BitmapManager | Dragon CTF 2020 | ||
LowFunHeap | Hack.lu CTF 2020 |
|
|
winsanity | Codegate 2020 Finals |
|
|
winterpreter | Codegate 2020 Quals |
|
|
WinKern x64 - Use After Free |
Root Me |
|
|
WinKern x64 - Advanced stack buffer overflow - ROP |
Root Me |
|
|
dadadb | HITCON 2019 (Quals) |
|
|
Breath of Shadow | HITCON 2019 (Quals) |
|
|
LazyFragmentationHeap | WCTF 2019 |
|
|
Ekoparty 2019 | |||
BabyKernel | Dragon CTF 2019 | ||
winhttpd | Insomnihack 2019 (Quals) |
|
|
PE32 - Stack buffer overflow basic |
Root Me |
|
|
PE32 - Advanced stack buffer overflow |
Root Me |
|
|
PE32+ Format string bug |
Root Me |
|
|
PE32+ Basic ROP | Root Me |
|
|
BFS Ekoparty 2018 Challenge | Ekoparty 2018 | ||
elgoog/Searchme | WCTF 2018 |
|
|
pigdriver | WCTF 2018 | ||
Windowsland | HITCON CTF 2018 | ||
globetrotter | CSAW CTF 2018 Finals |
|
|
StrikeBack | Insomnihack 2018 | ||
BFS Ekoparty 2017 Challenge | Ekoparty 2017 | ||
Divided | DEFCON CTF 2017 Quals | ||
Fastcalc | CONFidence CTF 2017 (Teaser) |
||
Fastcalc (Hardened) | CONFidence CTF 2017 (Finals) |
||
firewall | CSAW 2017 Quals | ||
babystack | HITB GSEC 2017 | ||
babyshellcode | HITB GSEC 2017 | ||
Divided | DEFCON 2017 (Quals) | ||
winworld | Insomnihack 2017 (Teaser) |
||
easywin | Insomnihack 2017 (Finals) |
||
pwn2 | AIS3 2017 (Quals) | ||
Bubblegum | CONFidence 2016 (Teaser) | ||
Entree | CONFidence 2016 (Finals) | ||
easier | DEFCON 2016 (Quals) | ||
100percent | Belluminar 2016 | ||
thing2 | DEFCON 2015 (Quals) |
|
|
drunk | BCTF 2015 | ||
VBS | 0CTF 2015 (Quals) |
|
|
greenhornd | CSAW 2014 (Quals) |
|
|
Links | CSAW 2014 (Finals) | ||
Brokenwindow | Power of XX 2014 (Finals) | ||
Breznparadisebugmaschine | Hack.lu CTF 2013 |
Reversing
Name | Competition | Writeups | Topics |
---|---|---|---|
DoroboH | SECCON CTF 2022 | Intended solution: Analyse Windows credential provider and you’ll find it’s encrypting every private key and pointer to them. Search for magic number of DH key structure, decrypt pointer to private key, and find RC4 encryption key. Then you can decrypt all packets. Unintended solution: strings -e l <ul>sqrtrev; Super GuessersnwoTan90909090</ul> |
|
Brutal Oldskull | Teaser Dragon CTF 2018 | ||
STDIN | Pragyan CTF 2016 | ||
Memory | CONFidence 2014 |