This post is a quick vulnerability report summary for a vulnerability we found while fuzzing the TCP/IP stack CycloneTCP.

This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produce traces of execution.

This article aims to present a simple use of our Dynamic Binary Instrumentation framework QBDI which has recently been publicly released following a talk at 34C3. We will resolve, step by step, a CTF challenge by analyzing an obfuscated binary using QBDI, thus showcasing some of the nice features it offers. This blog post was written last year during my internship at Quarkslab, where I discovered the wonderful (but not so simple) world of Dynamic Binary Instrumentation.