Stickied Posts

Recent Posts

HITBGSEC CTF 2017 - arrdeepee (Misc)

5 minute read

Extracting the private key into a PEM file from a PKCS12 file transmitted over UDP allows the investigator to decrypt an RDP session and recover some secret ...

HITBGSEC CTF 2017 - 1000levels (Pwn)

9 minute read

Uninitialised variable usage allows for reliable exploitation of a classic stack overflow on a NX and PIE enabled binary using gadgets from the vsyscall page...

CTF(x) 2016 - Harambe Hub (Web)

3 minute read

Use of String.match as opposed to String.equals in Java allows an attacker to recover sensitive input such as an admin username character by character with r...