And some kind of a hint: You are expected to fully break ASLR of the binary's text section. Think of ways of doing this without explicitly leaking addresses.

We have a couple of remarks on "Just The Right Spot" to help those on their way: 1. The PROT_EXEC only page is not required for exploitation 2. No leaks are possible 3. The reference solution includes executing a ROP chain

The final challenge has been released: FluxCloud DoH

The challenge description incorrectly stated that the module is a hardware decryption module. It's in fact a hardware encryption module. The description is now fixed.

New challenge released: BabyJS

New Challenge released: Litter Box

We missed to replace the flag{fake_flag}, penetrate us again to get the real flag.

Can you become a member of our Secret Pwnhub Academy Rewards Club? A second time?

P*rn Protocol is now there for you.

To make it fair for everyone, we split FluxCloud Serverless into two challenges. The old one has been rolled back to have the unintended bypass again, and the new FluxCloud Serverless 2.0 is the fixed one. We removed all solves, so please run your exploits again. Sorry for the inconvenience!

LowFunHeap is now open

FluxCloud Serverless is now fixed and online again! The old files are still available, but the fix will probably not give you a hint towards the intended solution.