Recent Posts

HXP 2021 - unzipper (Web)

2 minute read

Summary: The PHP function realpath can be tricked to allow other protocol wrappers to be used in readfile by specially crafting the directories in an unzippe...

HXP 2021 - Gipfel (Crypto)

3 minute read

Summary: Choosing the value of the prime modulus - 1 as the base in a pseudo Diffie-Hellman key exchange scheme allows setting a shared value to 1. When this...

HXP 2021 - brie man (Misc)

1 minute read

Summary: SageMath contains sinks that allow for the arbitrary execution of Python code when converting from user input to math objects.

VULNCON CTF 2021

16 minute read

Summary: I played VULNCON CTF 2021 for a couple of hours and solved a few challenges. Here are the quick solutions to the few challenges that were solved.