Home Home
Scavenger Security
Cancel

Securinets CTF Quals 2021 - RUN! [Reversing]

RUN! is a reversing challenge that got 15 solves. We are a provided a Windows PE binary called wamup.exe and the following description: keygenme now! nc bin.q21.ctfsecurinets.com 2324 If we...

Codefest 2020 - Anime Is Love [Forensics]

Anime is love was one of the forensics challenges in Codefest CTF 2020. The challenge description reads: You know what to do. Author:pseudo_bot#7514 file: anime.jpg The file we are given looks ...

Codefest 2020 - telephone [Forensics]

telephone was one of the forensics challenges in codefest ctf 2021. The challenge has some forensics elements but is mostly stego. We get a PNG image named telephone.png: From here we run the ...

NahamCon 2021 - ddr [Scripting]

For this challenge we are given the following image and asked to find a flag with the format flag{something_here}: Since is a scripting challenge, let’s start parsing the image. import cv2 import...

Codefest 2020 - tooeasy [Reversing]

tooeasy is a reversing challenge with 17 solves. The description reads: I mean lets get to basics, I have my tried to get in how real malware authors would hide there stuff but still this chall ...

Solving a Use-After-Free bug in libbus

Recently I published a blog post on libbus, a small library I wrote to handle distributed message passing between threads. The library makes use of atomic functions to ensure synchronism. These ope...

libbus: A concurrent message passing library

Earlier this week I wrote, over the course of an evening, a very simple library to implement basic shared message passing called libbus. In this blog post I want to delve a bit deeper into the rati...

Tenable CTF 2021 - A3S Turtles [Stego]

In this stego challenge we are given a password protected zip called turtles128.zip. After bruteforcing it we observe that there are 128 nested zips protected with “0” or “1” as their password. We ...

Tenable CTF 2021 – Hacker Manifesto [Reversing]

Hacker Manifesto is a 250 point reverse engineering challenge. It reads: We found this file on a compromised host. It appears to contain data, but we’re not sure how to decode it. Maybe you can ...

BambooFox CTF 2021 – Emoji [Web]

In this web challenge we have a short PHP code where it is possible to execute arbitrary code after bypassing two input sanitization filters. First, we have an input length limitation protection...