For this challenge we are given the following image and asked to find a flag with the format flag{something_here}: Since is a scripting challenge, let’s start parsing the image. import cv2 import...
Codefest 2020 - tooeasy [Reversing]
tooeasy is a reversing challenge with 17 solves. The description reads: I mean lets get to basics, I have my tried to get in how real malware authors would hide there stuff but still this chall ...
Solving a Use-After-Free bug in libbus
Recently I published a blog post on libbus, a small library I wrote to handle distributed message passing between threads. The library makes use of atomic functions to ensure synchronism. These ope...
libbus: A concurrent message passing library
Earlier this week I wrote, over the course of an evening, a very simple library to implement basic shared message passing called libbus. In this blog post I want to delve a bit deeper into the rati...
Tenable CTF 2021 - A3S Turtles [Stego]
In this stego challenge we are given a password protected zip called turtles128.zip. After bruteforcing it we observe that there are 128 nested zips protected with “0” or “1” as their password. We ...
Tenable CTF 2021 – Hacker Manifesto [Reversing]
Hacker Manifesto is a 250 point reverse engineering challenge. It reads: We found this file on a compromised host. It appears to contain data, but we’re not sure how to decode it. Maybe you can ...
BambooFox CTF 2021 – Emoji [Web]
In this web challenge we have a short PHP code where it is possible to execute arbitrary code after bypassing two input sanitization filters. First, we have an input length limitation protection...
BambooFox CTF 2021 – Time to Draw [Web]
Time to Draw is a web challenge based on Node.js. The main page presented a canvas on which one could draw by clicking on it, and several buttons on the right side. One of those buttons showed the ...
hxp CTF 2020 – EXCELlence [Reversing]
EXCELlent is a medium difficulty challenge that got 58 solves. It reads: Excellent CTFs need excellent business strategies, and what would be more appropriate than Microsoft ® Excel ™? Of course...
2020 Metasploit Community CTF - 8 of Hearts (port 4545) [Pwn]
In this challenge our goal is to decrypt the flag using a binary called 8_of_hearts.elf. Looking at this binary we see that there is an encryption routine where each byte is decoded with an XOR ope...