TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
BSides SF CTF 2018 - Gorribler (Pwn)
Execute arbitrary shellcode by writing to the buffer by calculating values that provide the right values when simulating a projectile’s trajectory.
Midnight Sun 2018 - Jeil (Pwn)
Javascript jail challenge that filters most Javascript special symbols and alphabets.
Midnight Sun 2018 - Botpanel (Pwn)
Multiple vulnerabilties involving formats strings and unsafe threaded access to shared variables in a 32 bit ELF binary allows an attacker to obtain remote c...
Midnight Sun 2018 - Babyshells (Pwn)
Exploiting the same ‘vulnerable’ binary on three different architectures: x86, ARM, MIPS.
HITB GSEC Qualifiers 2018 - Upload (Web)
The FindFirstFile() function in the Windows API can cause odd behaviour in PHP applications running on Windows. We leverage this to leak information about th...
HITB GSEC Qualifiers 2018 - Read File (Misc)
Arbitrary shell commands can be created by using only punctuation in a service that filters all characters except for punctuation.
HITB GSEC Qualifiers 2018 - Baby Pwn (Pwn)
Using a format string attack on a remote server, an attacker can leverage certain data structures present in a running Linux process to ascertain key address...