Just well done, well explained and really useful, thank you!

amazing description, thank you!

FWIW for your (unused) heap leak attempt in the final challenge you don't need to spend 7+ more allocations by filling up the tcache and leaking a fast chunk. The head of the unsortedbin is stored in the main_arena (libc section) but all the succeeding chunks are of course linked on the heap, so you could actually add another unsorted chunk, free it and when you read the unsorted chunk the fd will be youre libc leak and the bk will be your heap leak

keep up the awesome work mate

Great walkthrough! Question: are you working on an M1 Mac? I see you are using Docker for pwn challenges and wondered if you managed to achieve a good setup on M1 to solve x86 pwnable challenges through emulation.

Only chal I beat was dice dice goose😭

hey man can i get your discord?