Stickied Posts

Recent Posts

ASIS CTF Finals 2015 - Shop 1 (Pwn)

3 minute read

An off-by-one error allows an attacker to leak return codes from memcmp to determine the difference in the supplied byte and the compared byte to leak the fl...

ASIS CTF Finals 2015 - Myblog (Web)

2 minute read

Server-side request forgery in a PDF page printer service in PHP leading to disclosure of secrets in a server-side PHP source code.

ASIS CTF Finals 2015 - Impossible (Web)

4 minute read

Type juggling in PHP’s weak comparison operator (==) allows an attacker to generate passwords to an administrator account and bypass the original MD5 hashing...

ASIS CTF Finals 2015 - Bodu (Crypto)

2 minute read

Use the Boneh-Durfee attack on low private exponents to recover the original two prime factors comprising the private key and decrypt an encrypted flag.