squ1rrel

The Vanderbilt University CTF Club

  • Home
  • About
  • Team
  • CTFTime
Kitctfctf Rev

protector

This was a cool reversing challenge where I wrote a GDB script to undo obfuscated operations to get the flag.

Akash Akash 7 min read
Htb Crypto

AESWCM

Cryptography transcends wizardry.

Holden Turner Holden Turner 16 min read
Kitctfctf Misc

Grep it? CodeQL it!

CodeQL: a surprisingly handy tool! Just need to read the instructions more carefully next time…

Zi Teoh Zi Teoh 6 min read
Kitctfctf Web

Etherpad 1 & 2

LDAP me up, bro.

Kyle Burgess Kyle Burgess 6 min read
Nitectf Misc

The Boys

Miscellaneous sure is one way to describe it.

Sam Sliman Sam Sliman 2 min read
Xmas Misc

Blocker, Cookie Market, & Bread Bank

Blockchain: a new way to program… and a new way to write vulnerable code.

David Perez David Perez 15 min read
Nitectf Web

un(documented)-js-api

DOM clobbering, domain takeovers, shared process slowdowns, and CSS exfiltration, oh my!

Nisala Nisala 8 min read
Kitctfctf Crypto

Prime Guesser 1 & 2

Who needs math when you can just guess?

Holden Turner Holden Turner 56 min read
Nitectf Forensics

Revisiting Classics

Paging Nick Gebo - Get Your Ass In Here

Sam Sliman Sam Sliman 1 min read
Buckeyectf Misc

frog-universe

Welcome to Frog Universe!

Aryan Garg Aryan Garg 33 min read
Buckeyectf Crypto

bonce

This challenge gives us two files, output.txt and bonce.py.

Evelyn Evelyn 4 min read
Buckeyectf Pwn

stack duck

I love ducks, so I was a little saddened to see that this duck was a canary in disguise. Still a birb though!

Patrick Dobranowski Patrick Dobranowski 13 min read
Buckeyectf Crypto

SSSHIT

A crypto challenge that boils down to “3x - 3a + b = c”.

Sam Alws Sam Alws 6 min read
Buckeyectf Misc

spelunk

All of these challenges are too hard for me. Wait… is that Minecraft???

Maya Maya 5 min read
Buckeyectf Crypto

powerball

I like free money. Crypto and lottery in the same sentence? Say less.

Aadi Bajpai Aadi Bajpai 6 min read
Buckeyectf Misc

nile & andes

Despite having worked in smart contract security, I have never actually performed an attack before – until now. Let’s take a look at some not-so-smart contracts, shall we?

Ben Siraphob Ben Siraphob 11 min read
Buckeyectf Rev

cap

This litty challenge was highkey bussin bruh, on god, no cap fr fr. Sheeesh.

Abi Kothapalli Abi Kothapalli 18 min read
Hacklu Crypto

Linear Starter

Every delicious meal needs a starter and I have great news for you: This one is even linear!

Zi Teoh Zi Teoh 4 min read
Buckeyectf Rev

intel does what amd'ont

This was the first time I reversed a binary with obfuscated code!

Akash Akash 12 min read
Buckeyectf Rev

crispyr

Rust is wonderful to write, but reversing it is quite the challenge.

Akash Akash 8 min read
Buckeyectf Misc

devil

I can sorta do CTF problems – but deep down, I’m a DevOps guy.

Nisala Nisala 7 min read
Bluehensctf Misc

Rick and Morty - One Time Pad - Esoteric Languages

Memes as an internet subculture, World War era encryption schemes, and program states as stacks of dynamically sized integers, oh my! How do they all connect?

Patrick Dobranowski Patrick Dobranowski 20 min read
Buckeyectf Web

goober

How on earth do SVGs have so many security vulnerabilities?

Nisala Nisala 3 min read
Bluehensctf Misc

Wordles with Dads

Another variation of Wordle, just like my previous writeup on Vocaloid Heardle.

squ1rrel team squ1rrel team 11 min read
Sekaictf Misc

Sus

Someone sent this file to me, claiming he got it from a SEKAI where the palette is not colorful but purple. I had no idea what he was talking about – I only

Evelyn Evelyn 2 min read
Sekaictf Forensics

Broken Converter & flag Mono

A two-part CTF challenge!

Aryan Garg Aryan Garg 5 min read
Bluehensctf Pwn

Intro to PWN 1-3

This was my first time doing a CTF, so I literally had no idea what was going on the whole time. But I do think I learned a good bit from just observing

squ1rrel team squ1rrel team 6 min read
Bluehensctf Misc

CryptoDuck!

Digital circuits and Python: low-level meets high-level in the solution to this oddball of a challenge.

squ1rrel team squ1rrel team 4 min read
Wreckctf Web

password-3

A quick but interesting proof-of-concept demonstrating that security by obscurity does not and will never work. Even if you don’t show reflected feedback from SQL commands, your database is still not safe.

Patrick Dobranowski Patrick Dobranowski 5 min read
Sekaictf Web

Bottle Poem

For this web challenge, we had to utilize two different exploits to get the flag – and one of them wasn’t a web exploit!

Akash Akash 5 min read
Bluehensctf Forensics

The Quantum Realm

Forensics! Stego! Look, they even gave us an image! You know the drill.

squ1rrel team squ1rrel team 2 min read
Bluehensctf Web

Firefun!

I love Firebase. So this really was the perfect challenge for me.

Nisala Nisala 4 min read
Sekaictf Web

Issues: Another JWT Challenge

Oh, JWTs. A well-intentioned standard, for sure – but my god, the number of implementation mistakes you can make.

Nisala Nisala 4 min read
Sekaictf Crypto

Secure Image Encryption!

One of the more solvable challenges… completed in the silliest way possible.

Kyle Burgess Kyle Burgess 7 min read
Sekaictf Misc

Vocaloid Heardle

Well, it’s just too usual to hide a flag in stegano, database, cipher, or server. What if we decide to sing it out instead?

Zi Teoh Zi Teoh 8 min read
Sekaictf Misc

Matryoshka

ANSI escape codes. Race conditions in PNG parsing. Digital COVID-19 vaccination records. De-noising audio files and the NATO phonetic alphabet. The only thing linking all of them? A race to solve a CTF

Ben Siraphob Ben Siraphob 9 min read
squ1rrel © 2023
Latest Posts Twitter