Making something akin to awesome-mobile-ctf but for Windows to curate a list of Windows CTF problems.
Learning Resources
- Windows Papers
- Windows Internals CTF
- 2019 Winter WinPwn Seminar
- WinPwn Resources
- Windows Internals CTF
Pwnables
See Xion’s WinPwn resources for more references on Windows exploitation.
| Name | Competition | Writeups | Topics |
|---|---|---|---|
| LPE (Fullchain) | Codegate 2025 |
Enki WhiteHat |
Kernel |
| ProcessFlipper | SekaiCTF 2024 |
Sekai MochiNishimiya ctfiot |
Kernel |
| BabyKernel | Midnight Sun CTF 2024 Quals | revervand (CBS) | Kernel |
| WkNote | SECCON CTF 2023 | mephi42 (More Smoked Leet Chicken) | |
| HFSAntiCheat | Midnight Sun CTF 2023 Finals |
clubby789 (DiceGang Bleen) elakkod ptr-yudai (TokyoWesterns) |
Kernel |
| Insobug | Insomni’hack 2023 Teaser | itm4n | Usermode |
| BFS Ekoparty 2022 | Ekoparty 2022 |
xct voidsec |
User |
| Hexacon 2022 Challenge | Hexacon 2022 | nneonneo | Hyper-V VM Escape |
| OpenDoor | Hack the Box Business CTF 2022 | HTB Blog | Kernel |
| PwnME | INTENT CTF 2022 | Writeup | |
| wine | PicoCTF 2022 | CavemanJay (WCSC) | Beginner Usermode |
| EasyVM | Azure Assassin Alliance CTF 2022 | ||
| A..Mazing.exe | SSTIC 2021 Challenge | nneonneo | Usermode |
| pe_analysis (Description) | Pwn2Win CTF 2021 |
n0ps13d [Epic Leet Team] ptr-yudai [uuunderflow] |
Usermode Open Source PE File Format |
| Archangel Michael’s Storage | HITCON CTF 2020 |
AngelBoy [HITCON] how2hack [Balsn] Xion [KAIST GoN] (partially solved) |
Usermode User segment heap |
| Lucifer | HITCON CTF 2020 | AngelBoy [HITCON] | Kernel Kernel segment heap |
| BitmapManager | Dragon CTF 2020 |
j00ru [Dragon Sector] Faith [Perfect Guesser] |
|
| LowFunHeap | Hack.lu CTF 2020 | Xion [KAIST GoN] | LFH heap |
| winsanity | Codegate 2020 Finals | Xion [KAIST GoN] | Usermode |
| winterpreter | Codegate 2020 Quals | Xion [KAIST GoN] | Usermode |
| WinKern x64 - Use After Free |
Root Me | Kernel | |
| WinKern x64 - Advanced stack buffer overflow - ROP |
Root Me | Kernel | |
| dadadb | HITCON 2019 (Quals) | AngelBoy [HITCON] | Kernel Kernel segment heap Heap |
| Breath of Shadow | HITCON 2019 (Quals) | AngelBoy [HITCON] | Kernel KVA Shadow |
| LazyFragmentationHeap | WCTF 2019 | AngelBoy [HITCON] | LFH Heap |
| Ekoparty 2019 |
Daniel Brodsky trickster0 |
||
| BabyKernel | Dragon CTF 2019 |
j00ru [Dragon Sector] slashb4sh [bi0s] |
|
| winhttpd | Insomnihack 2019 (Quals) |
0daysober | Heap Private Heap |
| PE32 - Stack buffer overflow basic |
Root Me | Usermode Stack buffer overflow |
|
| PE32 - Advanced stack buffer overflow |
Root Me | Usermode Stack buffer overflow |
|
| PE32+ Format string bug |
Root Me | Usermode Format string bug |
|
| PE32+ Basic ROP | Root Me | Usermode ROP |
|
| BFS Ekoparty 2018 Challenge | Ekoparty 2018 | ||
| elgoog/Searchme | WCTF 2018 | j00ru [Dragon Sector] | Heap |
| pigdriver | WCTF 2018 | r3kapig | |
| Windowsland | HITCON CTF 2018 | wmliang | |
| globetrotter | CSAW CTF 2018 Finals |
OSIRIS Lab mhackeroni |
Heap |
| StrikeBack | Insomnihack 2018 | 0daysober | |
| BFS Ekoparty 2017 Challenge | Ekoparty 2017 | ||
| DEFCON CTF 2017 Quals | Securifera | ||
| BFS Ekoparty 2017 Challenge | Ekoparty 2017 | ||
| Divided | DEFCON CTF 2017 Quals | Securifera | |
| Fastcalc | CONFidence CTF 2017 (Teaser) |
chksum[0] 9447 |
|
| Fastcalc (Hardened) | CONFidence CTF 2017 (Finals) |
||
| firewall | CSAW 2017 Quals |
OSIRISLab Shell Collecting Club irGeeks |
|
| babystack | HITB GSEC 2017 | whereisk0shl | |
| babyshellcode | HITB GSEC 2017 | babyshellcode | |
| Divided | DEFCON 2017 (Quals) | Securifera | |
| winworld | Insomnihack 2017 (Teaser) |
0daysober pasten |
|
| easywin | Insomnihack 2017 (Finals) |
0daysober | |
| pwn2 | AIS3 2017 (Quals) | TastyFeeder | |
| Bubblegum | CONFidence 2016 (Teaser) | j00ru | |
| Entree | CONFidence 2016 (Finals) | j00ru | |
| easier | DEFCON 2016 (Quals) | 9447 | |
| 100percent | Belluminar 2016 | leetchicken | |
| thing2 | DEFCON 2015 (Quals) | Blackperlsecurity (Part 1|Part 2|Part 3) ??? on Pastebin |
|
| drunk | BCTF 2015 |
rzhou percontation/clockish |
|
| VBS | 0CTF 2015 (Quals) |
seanwupi CVE-2014-6332 |
CVE-2014-6332 VBScript/IE |
| greenhornd | CSAW 2014 (Quals) |
TrailOfBits HackUCF g05u |
Stack buffer overflow ROP |
| Links | CSAW 2014 (Finals) | gaasedelen | |
| Brokenwindow | Power of XX 2014 (Finals) |
sweetchip Blackperlsecurity |
|
| Breznparadisebugmaschine | Hack.lu CTF 2013 |
rzhou captf g05u |
Reversing
| Name | Competition | Writeups | Topics |
|---|---|---|---|
| DoroboH | SECCON CTF 2022 |
Unintended Solution: strings -e lkirschju [hxp] sqrtrev [Super Guesser] snwo Tan90909090 0xcpu [WreckTheLine] st98 |
Windows Credential Provider |
| MiniFilter | ECW2022 | RandoriSec | Minifilter Driver |
| Brutal Oldskull | Teaser Dragon CTF 2018 |
Dragon Sector EmpireCTF |
|
| STDIN | Pragyan CTF 2016 | superkojiman | |
| Memory | CONFidence 2014 | j00ru |