TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
Singapore Cyber Conquest 2017 - Web 1 (Web)
Loose comparisons in PHP allow an attacker to bypass authentication.
Singapore Cyber Conquest 2017 - REV1 (Reversing)
Simple crackme style binary solved with a simple angr script.
Singapore Cyber Conquest 2017 - Jail (Misc)
Simple ruby jail challenge with a failing blacklist that deletes common methods that allow for arbitrary command execution.
Singapore Cyber Conquest 2017 - Case Converter (Pwn)
Simple stack overflow with a statically compiled binary can be exploited with a generated execve ROP chain. The ROP chain has to be split up into multiple st...
HITBGSEC CTF 2017
I participated with the NUS Greyhats in this year’s HITBGSEC CTF 2017. It was organised by the HITB Netherlands CTF team and the XCTF League crew. It ran ext...
HITBGSEC CTF 2017 - Pasty (Web)
JSON Web Tokens have no means of authenticating the header and thus can be abused to manipulate the server into verifying a forged signed message with a key ...
HITBGSEC CTF 2017 - flying high (Misc)
UBIFS images are recovered from a crashed drone and the flag is included in the video of the drone’s last moments.