Stickied Posts

Recent Posts

CTF(x) 2016 - Dat Boinary (Binary)

1 minute read

Off-by-one error allows overwrite of a null byte that allows for a struct to be completely filled with non-null bytes which tricks strlen into returning a la...

CTF(x) 2016 - Custom Auth (Crypto)

less than 1 minute read

A cookie using ECB mode encryption allows an attacker to forge admin privileges by rearranging encrypted blocks for decryption.

X-CTF 2016 - The Snek (Web)

6 minute read

PHP local file inclusion vulnerability leads to source code disclosure revealing python code vulnerable to a hash extension attack allowing an attacker to fa...

HackIM 2016 Case Study

7 minute read

The Dystopian Narwhals played in the HackIM 2016 CTF organised by Nullcon the last weekend and I must say, it was the most controversial ones I’ve ever exper...

32C3CTF - TinyHosting (Web 250)

3 minute read

A PHP service that allows uploading of small files (<= 7 bytes) with arbitrary filenames within a browsable path.

32C3CTF - Teufel (Pwn 200)

6 minute read

Exploit a tiny binary with an extremely customised memory mapping with an infoleak leading to libc disclosure and jump to magic shell address.