Kitctfctf Rev protector This was a cool reversing challenge where I wrote a GDB script to undo obfuscated operations to get the flag.
Kitctfctf Misc Grep it? CodeQL it! CodeQL: a surprisingly handy tool! Just need to read the instructions more carefully next time…
Xmas Misc Blocker, Cookie Market, & Bread Bank Blockchain: a new way to program… and a new way to write vulnerable code.
Nitectf Web un(documented)-js-api DOM clobbering, domain takeovers, shared process slowdowns, and CSS exfiltration, oh my!
Buckeyectf Pwn stack duck I love ducks, so I was a little saddened to see that this duck was a canary in disguise. Still a birb though!
Buckeyectf Misc nile & andes Despite having worked in smart contract security, I have never actually performed an attack before – until now. Let’s take a look at some not-so-smart contracts, shall we?
Hacklu Crypto Linear Starter Every delicious meal needs a starter and I have great news for you: This one is even linear!
Buckeyectf Rev intel does what amd'ont This was the first time I reversed a binary with obfuscated code!
Bluehensctf Misc Rick and Morty - One Time Pad - Esoteric Languages Memes as an internet subculture, World War era encryption schemes, and program states as stacks of dynamically sized integers, oh my! How do they all connect?
Bluehensctf Misc Wordles with Dads Another variation of Wordle, just like my previous writeup on Vocaloid Heardle.
Sekaictf Misc Sus Someone sent this file to me, claiming he got it from a SEKAI where the palette is not colorful but purple. I had no idea what he was talking about – I only
Bluehensctf Pwn Intro to PWN 1-3 This was my first time doing a CTF, so I literally had no idea what was going on the whole time. But I do think I learned a good bit from just observing
Bluehensctf Misc CryptoDuck! Digital circuits and Python: low-level meets high-level in the solution to this oddball of a challenge.
Wreckctf Web password-3 A quick but interesting proof-of-concept demonstrating that security by obscurity does not and will never work. Even if you don’t show reflected feedback from SQL commands, your database is still not safe.
Sekaictf Web Bottle Poem For this web challenge, we had to utilize two different exploits to get the flag – and one of them wasn’t a web exploit!
Bluehensctf Forensics The Quantum Realm Forensics! Stego! Look, they even gave us an image! You know the drill.
Sekaictf Web Issues: Another JWT Challenge Oh, JWTs. A well-intentioned standard, for sure – but my god, the number of implementation mistakes you can make.
Sekaictf Crypto Secure Image Encryption! One of the more solvable challenges… completed in the silliest way possible.
Sekaictf Misc Vocaloid Heardle Well, it’s just too usual to hide a flag in stegano, database, cipher, or server. What if we decide to sing it out instead?
Sekaictf Misc Matryoshka ANSI escape codes. Race conditions in PNG parsing. Digital COVID-19 vaccination records. De-noising audio files and the NATO phonetic alphabet. The only thing linking all of them? A race to solve a CTF
