Stickied Posts

Recent Posts


less than 1 minute read

I participated with the NUS Greyhats in this year’s HITBGSEC CTF 2017. It was organised by the HITB Netherlands CTF team and the XCTF League crew. It ran ext...

HITBGSEC CTF 2017 - Pasty (Web)

2 minute read

JSON Web Tokens have no means of authenticating the header and thus can be abused to manipulate the server into verifying a forged signed message with a key ...

HITBGSEC CTF 2017 - arrdeepee (Misc)

5 minute read

Extracting the private key into a PEM file from a PKCS12 file transmitted over UDP allows the investigator to decrypt an RDP session and recover some secret ...

HITBGSEC CTF 2017 - 1000levels (Pwn)

9 minute read

Uninitialised variable usage allows for reliable exploitation of a classic stack overflow on a NX and PIE enabled binary using gadgets from the vsyscall page...