TISC 2021 - 1865 Text Adventure (Creator’s Writeup)
This challenge was created for The InfoSecurity Challenge (TISC) 2021 organised by the Centre for Strategic Infocomm Technologies (CSIT). It was the 9th leve...
Stickied Posts
NUS Greyhats at CDDC 2015 and (Almost) Epic Mass Exploitation
The Cyber Defenders Discovery Camp 2015 is an introductory computer security workshop slash competition targeted at students at the JC and IHL levels. This i...
Recent Posts
HITBGSEC CTF 2017 - arrdeepee (Misc)
Extracting the private key into a PEM file from a PKCS12 file transmitted over UDP allows the investigator to decrypt an RDP session and recover some secret ...
HITBGSEC CTF 2017 - 1000levels (Pwn)
Uninitialised variable usage allows for reliable exploitation of a classic stack overflow on a NX and PIE enabled binary using gadgets from the vsyscall page...
The Nandy Narwhals Blog Gets Another New Look!
We’ve moved from our old Wordpress blog to a new one hosted on Github Pages powered by Jekyll and Minimal Mistakes!
CTF(x) 2016 - North Korea (Web)
Fake an originating IP address from North Korea using the X-Forwarded-For header.
CTF(x) 2016 - Harambe Hub (Web)
Use of String.match as opposed to String.equals in Java allows an attacker to recover sensitive input such as an admin username character by character with r...
CTF(x) 2016 - guesslength (Binary)
Overwriting a null byte in a buffer causes printf to print sensitive struct data.
CTF(x) 2016 - Dat Boinary (Binary)
Off-by-one error allows overwrite of a null byte that allows for a struct to be completely filled with non-null bytes which tricks strlen into returning a la...