Stickied Posts

Recent Posts

ASIS CTF Finals 2015 - Myblog (Web)

2 minute read

Server-side request forgery in a PDF page printer service in PHP leading to disclosure of secrets in a server-side PHP source code.

ASIS CTF Finals 2015 - Impossible (Web)

4 minute read

Type juggling in PHP’s weak comparison operator (==) allows an attacker to generate passwords to an administrator account and bypass the original MD5 hashing...

ASIS CTF Finals 2015 - Bodu (Crypto)

2 minute read

Use the Boneh-Durfee attack on low private exponents to recover the original two prime factors comprising the private key and decrypt an encrypted flag.