RedpwnCTF 2020 Pwn Writeups (Four Function Heap, Zero the Hero)
ID: 1f65cdac-cf99-5495-978a-5154d21267a1
STIX ID: report--1f65cdac-cf99-5495-978a-5154d21267a1
Feed Name: Will's Root
RedpwnCTF 2020 pwn writeup covering two heap exploitation challenges: 'Four Function Heap' — a libc 2.27 tcache double-free and tcache_perthread_struct poisoning leading to an overwrite of __free_hook to execute system("/bin/sh"); and 'Zero the Hero' — an FSOP-based attack that forges _IO_FILE structures to overwrite __malloc_hook with a one-gadget. The report includes reversed pseudocode, a 14-step exploit plan for the first challenge, a bruteforce-and-FSOP approach for the second, and complete Python/Pwn scripts and notes about target libc offsets.
