TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
Sieberrsec 3.0 CTF (2021) - Diffie’s Key Exchange 2 (Crypto)
Summary: Applying the small subgroup attack in a pseudo Diffie Hellman key exchange scheme that does not give the public A value allows for an attacker to co...
Sieberrsec 3.0 CTF (2021) - Can You Math It? (Misc)
Summary: Typical math scripting challenge. Just providing the solution for a safeeval version to avoid insecure evaluation of untrusted inputs.
HXP 2021 - unzipper (Web)
Summary: The PHP function realpath can be tricked to allow other protocol wrappers to be used in readfile by specially crafting the directories in an unzippe...
HXP 2021 - Log 4 Sanity Check (Misc)
Summary: Exploit log4j vulnerability to leak environment variables.
HXP 2021 - Gipfel (Crypto)
Summary: Choosing the value of the prime modulus - 1 as the base in a pseudo Diffie Hellman key exchange scheme allows setting a shared value to 1. When this...
HXP 2021 - brie man (Misc)
Summary: Sagemath contains sinks that allow for the arbitrary execution of Python code when converting from user input to math objects.
VULNCON CTF 2021
Summary: I played VULNCON CTF 2021 for a couple of hours and solved a few challenges. Here are the quick solutions to the few challenges that were solved.