Skip to content
CTF Wiki
Trusted Execution Environment
zh - 汉语
en - English
zh-tw - 繁體中文
Initializing search
WildWestCyberSecurity/ctf-wiki-ENGLISH
Start
Introduction
Misc
Crypto
Web
Assembly
Executable
Reverse
Pwn
Android
ICS
Blockchain
CTF Wiki
WildWestCyberSecurity/ctf-wiki-ENGLISH
Start
Start
Introduction
How to use CTF Wiki
Contributing Guide
Contributing Guide
Before Contributing
Basic Contribute Approach
Document Requirements
Translation
Discussion
Introduction
Introduction
History of CTF Wiki
CTF Competition Types
CTF Competition Content
Summary of Offline Attack-Defense Experience
CGC Super Challenge
Learning Resource
Misc
Misc
Introduction to Misc
Information Gathering Techniques
Encoding Analysis
Encoding Analysis
Common Encodings in Communications
Computer-Related Encodings
Common Encodings in the Real World
Prerequisites for Forensics and Steganography
Image Analysis
Image Analysis
Introduction to Image Analysis
PNG
JPG
GIF
Audio Steganography
Audio Steganography
Audio Steganography
Traffic Analysis
Traffic Analysis
Introduction to Traffic Packet Analysis
PCAP File Repair
Protocol Analysis
Protocol Analysis
Protocol Analysis Overview
Wireshark
HTTP
HTTPS
FTP
DNS
WIFI
USB
Data Extraction
Archive Analysis
Archive Analysis
ZIP Format
RAR Format
Disk & Memory Analysis
Disk & Memory Analysis
Disk and Memory Analysis
Challenges
Other
Other
pyc Files
Crypto
Crypto
Introduction to Cryptography
Basic Mathematics
Basic Mathematics
Fundamental Mathematical Knowledge
Classical Ciphers
Classical Ciphers
Introduction to Classical Ciphers
Monoalphabetic Substitution Cipher
Polyalphabetic Substitution Cipher
Other Types of Encryption
Summary
Stream Ciphers
Stream Ciphers
Stream Ciphers
Pseudo-Random Number Generators
Pseudo-Random Number Generators
Introduction to Pseudorandom Number Generators
Cryptographically Secure Pseudorandom Number Generator
Challenges
Linear Congruential Generator
Linear Congruential Generator
Linear Congruential Generator
Challenges
Feedback Shift Register
Feedback Shift Register
Feedback Shift Register
Linear Feedback Shift Register - LFSR
Nonlinear Feedback Shift Register
Special Stream Ciphers
Special Stream Ciphers
RC4
Block Ciphers
Block Ciphers
Block Cipher
ARX
ARX
ARX: Add-Rotate-Xor
DES
DES
DES
IDEA
IDEA
IDEA
AES
AES
AES
Simon and Speck
Simon and Speck
Simon and Speck Block Ciphers
Block Cipher Modes
Block Cipher Modes
Block Cipher Modes
Padding Methods
ECB
CBC
PCBC
CFB
OFB
CTR
Padding Oracle Attack
Asymmetric Encryption
Asymmetric Encryption
Introduction
RSA
RSA
RSA Introduction
Modulus-Related Attacks
Public Exponent Related Attacks
Private Key d Attacks
Private Key d Attacks
Attacks on Private Key d
Extending Wiener's Attack
Coppersmith Related Attacks
RSA Chosen Plaintext/Ciphertext Attack
RSA Side-Channel Attack
Bleichenbacher's Attack
RSA Complex Problems
Knapsack Cipher
Knapsack Cipher
Knapsack Encryption
Discrete Logarithm
Discrete Logarithm
Discrete Logarithm
ElGamal
ECC
Lattice Cryptography
Lattice Cryptography
Lattice Overview
Basic Introduction
Lattice Basis Reduction Algorithms
CVP
Hash Functions
Hash Functions
Hash Function
MD5
MD5
MD5
SHA1
SHA1
SHA1
FNV
FNV
Fowler–Noll–Vo hash function
Hash Attack
Hash Attack
Hash Attack
Comprehensive Challenges
Digital Signatures
Digital Signatures
Digital Signatures
RSA Digital Signature
RSA Digital Signature
RSA Digital Signature
ElGamal Digital Signature
ElGamal Digital Signature
ElGamal
DSA Digital Signature
DSA Digital Signature
DSA
Attack Summary
Attack Summary
Introduction
Meet-in-the-Middle Attack
Meet-in-the-Middle Attack
Meet-in-the-Middle Attack - MITM
Bit Attack
Bit Attack
Bit Attack
Certificate Format
Certificate Format
Certificate Formats
Web
Web
Web Introduction
SQL Injection
SQL Injection
SQL Injection
XSS Cross-Site Scripting
XSS Cross-Site Scripting
XSS
CSRF Cross-Site Request Forgery
CSRF Cross-Site Request Forgery
CSRF
SSRF Server-Side Request Forgery
SSRF Server-Side Request Forgery
SSRF
PHP Code Audit
PHP Code Audit
PHP Code Auditing
Assembly
Assembly
x86_x64
MIPS
ARM
RISC-V
Executable
Executable
ELF Files
ELF Files
ELF File Basic Structure
ELF File Basic Structure
ELF Files
Sections
Code Section
Data Related Sections
Symbol Table
String Sections
Dynamic Sections
Misc Sections
Program Loading
Program Loading
Program Loading
Program Linking
Program Linking
Program Linking
Symbol Resolve
Program Execution Flow
Program Execution Flow
Program Execution Flow
Reverse
Reverse
Reverse Overview
Reverse Overview
Introduction to Software Reverse Engineering
Tools
Tools
Static Analysis
Static Analysis
IDA Pro
Ghidra
jadx
Dnspy
Dynamic Debugging
Dynamic Debugging
gdb
ollydbg
x64dbg/x32dbg
windbg
Constraint Solving
Constraint Solving
z3
Simulated Execution
Simulated Execution
angr
Unicorn Engine
Algorithm Reversing
Algorithm Reversing
Common Encryption Algorithm and Encoding Identification
Code Obfuscation
Code Obfuscation
Junk Code
Self-Modified Code
Control Flow Flattening
movfuscator
Maze Reversing
Maze Reversing
Maze Problems
VM Reversing
VM Reversing
Virtual Machine Analysis
Platform related
Platform related
Linux Reverse
Linux Reverse
LD_PRELOAD
False Disassembly
Detecting Breakpoints
Detecting Debugging
Windows Reverse
Windows Reverse
Unpacking Techniques
Unpacking Techniques
Introduction to Packers
Single-Step Tracing Method
ESP Law Method
Direct OEP Method
Memory Image Method
Last Exception Method
SFX Method
DUMP and IAT Reconstruction
Manually Finding IAT and Rebuilding with ImportREC
Unpacking DLL Files
Anti-Debugging Techniques
Anti-Debugging Techniques
NtGlobalFlag
Heap Flags
The Heap
Interrupt 3
IsDebuggerPresent
CheckRemoteDebuggerPresent
NtQueryInformationProcess
ZwSetInformationThread
Junk Code
Anti-Debugging Techniques Example
Language related
Language related
Introduction
Python
Python
Introduction to Python Reverse Engineering
Rust
Rust
Introduction to Rust Reverse Engineering
Golang
Golang
Introduction to Golang Reverse Engineering
Pwn
Pwn
Linux Platform
Linux Platform
User Mode
User Mode
Environment
Environment
Environment
Exploitation
Exploitation
Stack Overflow
Stack Overflow
x86
x86
Stack Introduction
Stack Overflow Principle
Basic ROP
Intermediate ROP
Advanced ROP
Advanced ROP
Advanced ROP
ret2dlresolve
ret2VDSO
SROP
Fancy Stack Overflow
Fancy Stack Overflow
Fancy Stack Overflow Techniques
arm
arm
Environment Setup
Arm ROP
mips
mips
mips - ROP
risc-v
risc-v
RISC-V
Format String
Format String
Introduction
Exploitation
Examples
Detection
Heap Exploitation
Heap Exploitation
Ptmalloc2
Ptmalloc2
Heap Exploitation
Heap Overview
Heap-Related Data Structures
Deep Dive into Ptmalloc2
Deep Dive into Ptmalloc2
In-Depth Understanding of Heap Implementation
Basic Operations
Heap Initialization
Allocating Memory Chunks
Freeing Memory Chunks
tcache
malloc_state Related Functions
Testing Support
Heap Overflow
Off-By-One in the Heap
Chunk Extend and Overlapping
Unlink
Use After Free
Fastbin Attack
Unsorted Bin Attack
Large Bin Attack
Tcache attack
House Of Einherjar
House Of Force
House of Lore
House of Orange
House of Rabbit
House of Roman
House of Pig
Musl-mallocng
Musl-mallocng
Readme
IO_FILE Exploitation
IO_FILE Exploitation
FILE Structure
Faking vtable to Hijack Program Flow
FSOP
IO_FILE Exploitation under glibc 2.24
Integer Overflow
Integer Overflow
Integer Overflow
Type Confusion
Type Confusion
Type Confusion
Uninitialized Memory
Uninitialized Memory
Uninitialized Memory
Race Condition
Race Condition
Race Condition
Problems
Defense
Defense
Canary
Summary
Summary
Getting Addresses
Hijacking Program Control Flow
Shell Acquisition Summary
Kernel Mode
Kernel Mode
Basic Knowledge
Basic Knowledge
Introduction to Linux kernel
Environment
Environment
Introduction
Downloading and Compiling the Kernel Source Code
Writing a Loadable Kernel Module
Setting Up the Kernel Runtime Environment
Real Device
System.map
Aim
Aim
Introduction
Privilege Escalation
Privilege Escalation
Introduction
Change Self
Change Others
Information Disclosure
DoS
Defense
Defense
Introduction
Isolation
Isolation
Introduction
User and Kernel
User and Kernel
Introduction
User Code Not Executable
User Data Not Accessible
KPTI - Kernel Page Table Isolation
Inside Kernel
Inside Kernel
Internal Isolation
Access Control
Access Control
Introduction
Information Disclosure
Misc
Detection
Detection
Introduction
Kernel Stack Canary
Randomization
Randomization
Introduction
KASLR
FGKASLR
Exploitation
Exploitation
Introduction
Returned Oriented Programming
Returned Oriented Programming
Kernel ROP
Kernel ROP with KPTI bypass
ret2usr (Deprecated)
bypass-smep (Deprecated)
Using pt_regs to Construct Universal Kernel ROP
ret2dir
Heap Exploitation
Heap Exploitation
Kernel Heap Overview
slub allocator
slub allocator
Introduction
Kernel UAF
Heap Spray
Freelist Hijacking
Buddy System
Buddy System
Cross-Cache Overflow & Page-level Heap Fengshui
Cross-Cache UAF
Page-level UAF
Race Condition
Race Condition
Double Fetch
Using userfaultfd to Create Race Conditions
Tricks
Tricks
Searching for the Flag Directly in Memory
Reading the Flag via QEMU Monitor
Directly Overwriting the Root Filesystem
Triggering OOM Killer via Memory Overflow to Obtain a Root Shell
Windows Platform
Windows Platform
Overview
User Mode
User Mode
Readme
Stack Overflow
Stack Overflow
Stack Introduction
Stack Overflow Principle
Executing Shellcode
ret2dll Exploitation
Kernel Mode
Kernel Mode
Basic Knowledge
Basic Knowledge
Basic Knowledge
MacOS Platform
MacOS Platform
MacOS
Misc OS Platform
Misc OS Platform
Readme
Sandbox Escape
Sandbox Escape
python
python
Python Sandbox
shell
shell
Shell Sandbox
seccomp
seccomp
C Sandbox Escape
namespace
namespace
Namespace
chroot
chroot
Chroot
docker
docker
Docker
Virtualization
Virtualization
Basic Knowledge
Basic Knowledge
Introduction to Virtualization Technology
CPU Virtualization
Memory Virtualization
I/O Virtualization
QEMU
QEMU
Basic Knowledge
Basic Knowledge
QEMU Memory Management
QEMU Device Emulation
Environment Setup
Environment Setup
Downloading and Building QEMU
Writing QEMU Emulated Devices
Exploitation
Exploitation
Introduction to QEMU Escape
Tricks
Tricks
Reading Flags Using QEMU Monitor
Virtual Box
Virtual Box
VirtualBox
VMWare
VMWare
VMWare
Parallels
Parallels
Parallels
Browser
Browser
Chrome
Chrome
Chromium
V8 Engine
V8 Engine
V8 Engine Intro
Ignition Interpreter
TurboFan JIT Compiler
V8 Design History
Mutable Heap Numbers
Firefox
Firefox
Firefox
Safari
Safari
Safari
Hardware
Hardware
CPU
CPU
Introduction
Side Channel Attack
Side Channel Attack
prefetch side-channel attack
Trusted Computing
Trusted Computing
Trusted Execution Environment
Android
Android
Android Development Basics
Android Runtime Mechanism
Android Runtime Mechanism
Brief Introduction to Android Application Operating Mechanism
Android Java Layer Runtime
Android Java Layer Runtime
Java Layer Operating Mechanism in Android
Smali
Dex && ODEX
Dex && ODEX
DEX File
ODEX Files
Android Native Layer
Android Native Layer
Introduction to SO Files
Android Reverse Engineering Basics
Android Reverse Engineering Basics
Basic Introduction to Android Reverse Engineering
Android Key Code Location
Android Simple Static Analysis
Android Simple Static Analysis
Static Analysis Java Layer Examples
Static Analysis of Native Layer Programs
Comprehensive Static Analysis Challenges
Android Simple Dynamic Analysis
Android Simple Dynamic Analysis
Android Dynamic Debugging
IDA Dynamic Debugging of Native Layer Programs
ICS
ICS
ICS_CTF Competitions
ICS_CTF Discovery
ICS_CTF Exploitation
ICS_CTF Learning Resources
Blockchain
Blockchain
Blockchain Security Overview
Ethereum Security
Ethereum Security
Ethereum Overview
Ethereum Basics
Function Selector and Argument Encoding
Ethereum Storage
Ethereum Opcodes
Known Attacks
Known Attacks
Introduction
Re-Entrancy
Integer Overflow and Underflow
Randomness
Airdrop Hunting
Short Address Attack
Delegatecall
Uninitialized Storage Pointer
Arbitrary Writing
CREATE2
Jump Oriented Programming
Smart Contract Reverse
Learning Resources
Public Blockchain Security
Public Blockchain Security
Public Blockchain Security Overview
Blockchain Weaknesses
Blockchain Security Challenges
Trusted Execution Environment
¶