Home Home
Scavenger Security
Cancel

NahamCon 2021 - ddr [Scripting]

For this challenge we are given the following image and asked to find a flag with the format flag{something_here}: Since is a scripting challenge, let’s start parsing the image. import cv2 import...

Codefest 2020 - tooeasy [Reversing]

tooeasy is a reversing challenge with 17 solves. The description reads: I mean lets get to basics, I have my tried to get in how real malware authors would hide there stuff but still this chall ...

Solving a Use-After-Free bug in libbus

Recently I published a blog post on libbus, a small library I wrote to handle distributed message passing between threads. The library makes use of atomic functions to ensure synchronism. These ope...

libbus: A concurrent message passing library

Earlier this week I wrote, over the course of an evening, a very simple library to implement basic shared message passing called libbus. In this blog post I want to delve a bit deeper into the rati...

Tenable CTF 2021 - A3S Turtles [Stego]

In this stego challenge we are given a password protected zip called turtles128.zip. After bruteforcing it we observe that there are 128 nested zips protected with “0” or “1” as their password. We ...

Tenable CTF 2021 – Hacker Manifesto [Reversing]

Hacker Manifesto is a 250 point reverse engineering challenge. It reads: We found this file on a compromised host. It appears to contain data, but we’re not sure how to decode it. Maybe you can ...

BambooFox CTF 2021 – Emoji [Web]

In this web challenge we have a short PHP code where it is possible to execute arbitrary code after bypassing two input sanitization filters. First, we have an input length limitation protection...

BambooFox CTF 2021 – Time to Draw [Web]

Time to Draw is a web challenge based on Node.js. The main page presented a canvas on which one could draw by clicking on it, and several buttons on the right side. One of those buttons showed the ...

hxp CTF 2020 – EXCELlence [Reversing]

EXCELlent is a medium difficulty challenge that got 58 solves. It reads: Excellent CTFs need excellent business strategies, and what would be more appropriate than Microsoft ® Excel ™? Of course...

2020 Metasploit Community CTF - 8 of Hearts (port 4545) [Pwn]

In this challenge our goal is to decrypt the flag using a binary called 8_of_hearts.elf. Looking at this binary we see that there is an encryption routine where each byte is decoded with an XOR ope...