Yet Another House ASIS Finals 2020 CTF Writeup

This writeup documents a CTF heap pwnable exploit against glibc 2.32: the author combines a poison null byte, large/unsorted-bin manipulations, a tcache stashing unlink attack to overwrite mp_.tcache_bins, and a tcache poison to gain an arbitrary write to __free_hook, then uses a COP gadget to pivot, bypass seccomp, and execute a ROP/mprotect+shellcode sequence. The report includes implementation details, mitigation notes, and step-by-step heap massaging used to achieve the exploit.