TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
CTF(x) 2016 - Custom Auth (Crypto)
A cookie using ECB mode encryption allows an attacker to forge admin privileges by rearranging encrypted blocks for decryption.
X-CTF 2016 - The Snek (Web)
PHP local file inclusion vulnerability leads to source code disclosure revealing python code vulnerable to a hash extension attack allowing an attacker to fa...
HackIM 2016 Case Study
The Dystopian Narwhals played in the HackIM 2016 CTF organised by Nullcon the last weekend and I must say, it was the most controversial ones I’ve ever exper...
32C3CTF - TinyHosting (Web 250)
A PHP service that allows uploading of small files (<= 7 bytes) with arbitrary filenames within a browsable path.
32C3CTF - Teufel (Pwn 200)
Exploit a tiny binary with an extremely customised memory mapping with an infoleak leading to libc disclosure and jump to magic shell address.
32C3CTF - Readme (Pwn 200)
Abuse the stack smashing protector infoleak vulnerability to leak the flag.
32C3CTF - Kummerkasten (Web 300)
Steal the password and TOTP token from an admin using cross-site scripting.