Home Home
Scavenger Security
Cancel

Codefest 2020 - Anime Is Love [Forensics]

Anime is love was one of the forensics challenges in Codefest CTF 2020. The challenge description reads: You know what to do. Author:pseudo_bot#7514 file: anime.jpg The file we are given looks ...

Codefest 2020 - telephone [Forensics]

telephone was one of the forensics challenges in codefest ctf 2021. The challenge has some forensics elements but is mostly stego. We get a PNG image named telephone.png: From here we run the ...

NahamCon 2021 - ddr [Scripting]

For this challenge we are given the following image and asked to find a flag with the format flag{something_here}: Since is a scripting challenge, let’s start parsing the image. import cv2 import...

Codefest 2020 - tooeasy [Reversing]

tooeasy is a reversing challenge with 17 solves. The description reads: I mean lets get to basics, I have my tried to get in how real malware authors would hide there stuff but still this chall ...

Solving a Use-After-Free bug in libbus

Recently I published a blog post on libbus, a small library I wrote to handle distributed message passing between threads. The library makes use of atomic functions to ensure synchronism. These ope...

libbus: A concurrent message passing library

Earlier this week I wrote, over the course of an evening, a very simple library to implement basic shared message passing called libbus. In this blog post I want to delve a bit deeper into the rati...

Tenable CTF 2021 - A3S Turtles [Stego]

In this stego challenge we are given a password protected zip called turtles128.zip. After bruteforcing it we observe that there are 128 nested zips protected with “0” or “1” as their password. We ...

Tenable CTF 2021 – Hacker Manifesto [Reversing]

Hacker Manifesto is a 250 point reverse engineering challenge. It reads: We found this file on a compromised host. It appears to contain data, but we’re not sure how to decode it. Maybe you can ...

BambooFox CTF 2021 – Emoji [Web]

In this web challenge we have a short PHP code where it is possible to execute arbitrary code after bypassing two input sanitization filters. First, we have an input length limitation protection...

BambooFox CTF 2021 – Time to Draw [Web]

Time to Draw is a web challenge based on Node.js. The main page presented a canvas on which one could draw by clicking on it, and several buttons on the right side. One of those buttons showed the ...