TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
Cyberpeace 2022 - Crysys (Pwn)
Summary: A minimal binary with only the read libc function and containing a standard stack overflow can be exploited by leveraging a common add-what-where ga...
TetCTF 2022 - Newbie (Pwn)
Summary: An ELF binary contains functionality to generate a ‘hashed’ identifier from two bytes of memory at an offset specified by the user. This ‘hashed’ id...
TetCTF 2022 - EzFlag (Web/Pwn)
Summary: In this two part challenge, flawed filename logic allows an attacker to write arbitrary Python files that are executed as a CGI script. Once the att...
Sieberrsec 3.0 CTF (2021) - Turbo Fast Crypto (Crypto/Pwn)
Summary: An insecurely implemented Python native library allows for an attacker to exfiltrate the XOR key used to ‘encrypt’ arbitrary data as well as contain...
Sieberrsec 3.0 CTF (2021) - totallyfoolproofcrypto (Crypto)
Summary: Standard byte-by-byte ECB oracle decryption.
Sieberrsec 3.0 CTF (2021) - Malloc (Pwn)
Summary: Control of the size parameter to malloc and a subsequent lack of checking that the returned pointer is not 0 leads to an arbitrary null byte write t...
Sieberrsec 3.0 CTF (2021) - Digging in the Dump (Forensics)
Summary: A dump of a Windows user’s AppData containing Google Chrome library data files and Windows DPAPI master key files can be used in conjunction with th...