Tags: pwn
Rating:
* set latch to `__printf_chk` GOT* leak libc by printing `vga->vs[0x10]`* overwrite with magic gadget
Full writeup at https://devcraft.io/2018/11/22/q-escape-seccon-2018.html
--vakzz
I don't remember
