TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
GraphicsMagick NULL Pointer Dereference in DICOM Decoder (CVE-2017-14994)
A null pointer dereference vulnerability in the GraphicsMagick DICOM image decoder allows an attacker to cause a denial-of-service condition or other unspeci...
Bypassing ASLR/NX with Ret2Libc and Named Pipes
This writeup describes my solution to an assignment for school requiring us to exploit a classic buffer overflow to gain a shell using return-to-libc techniq...
Bugs that Address Sanitizer Does Not Detect
A lab for school required us to design 3 examples of memory bugs that are not detected by Address Sanitizer. I thought it was a pretty informative exercise s...
CVE-2016-10190 Detailed Writeup
FFmpeg is a popular free software project that develops libraries and programs for manipulating audio, video, and image data. The vulnerability exists in the...
Singapore Cyber Conquest 2017
The NUS Greyhats played in the Singapore Cyber Conquest 2017 held at the GovWare 2017 conference as part of the Singapore International Cyber week. Two of ou...
Singapore Cyber Conquest 2017 - Web 3 (Web)
Using the SQL injection vulnerability to write a PHP file to the disk and executing it with a local file inclusion vulnerability gives remote code execution.
Singapore Cyber Conquest 2017 - Web 2 (Web)
Standard SQL injection challenge in which dumping out the data in the database reveals the flag.