Rating: 4.5

* Press F12 on boot to get to the password prompt
* Overflow the password buffer and overwrite the hash destination pointer
* Create a hash that contains a jmp instruction, overwrite the password check function to always pass
* Disable secure boot via the device manager

https://devcraft.io/2019/06/25/secure-boot-google-ctf-2019-quals.html

Original writeup (https://devcraft.io/2019/06/25/secure-boot-google-ctf-2019-quals.html).