TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
HITB GSEC Qualifiers 2018 - Baby Nya (Web)
An exposed Apache JServ Protocol server allows an attacker to proxy requests to Tomcat server running Jolokia. The Jolokia instance allows the attacker to cr...
HITB GSEC Qualifiers 2018 - Baby Baby (Web)
An exposed Kubelets port in a vulnerable deployment allows an attacker to run commands without authentication remotely within containers.
GraphicsMagick Information Disclosure when Describing IPTC Profile (CVE-2017-16353)
A heap-based buffer overread in the code responsible for printing IPTC information verbosely allows an attacker to leak sensitive information by supplying a ...
GraphicsMagick Heap Overflow when Describing Directories (CVE-2017-16352)
An unsafe call to strncpy in magick/describe.c causes a heap overflow when describing images with overly long directories. The vulnerable code path can be tr...
MuPDF mutools Out-of-Bounds Write Vulnerability (CVE-2017-15587)
A vulnerability in mutools PDF parsing functionality allows an attacker to write controlled data to an arbitrary location in memory due to an integer overflo...
Denial of Service Vulnerability in Libprocess (CVE-2017-9790)
A vulnerability in the libprocess dependency of Mesos allows a remote attacker to cause a crash in any Mesos component that includes the library. The bug res...
Denial of Service Vulnerability in Libprocess (CVE-2017-7687)
A vulnerability in the libprocess dependency of Mesos allows a remote attacker to cause a crash in any Mesos component that includes the library. The bug res...