CTF

Capture the Flag (CTF) are cybersecurity competitions where participants hunt for flags (pieces of text like flag{h3l1o_tH3Re}) hidden inside vulnerable executables, applications, files, and whatnot. These competitions are usually held in one of two formats. The most common format is jeopardy, where each challenge is contained in a separate box and has a number of points attached.

Dynamic Views Loading – Abusing Server Side Rendering in Drogon

What could go wrong releasing a C++ web server with "live reload" into the wild?

2024‑08‑18

12 minute read

From Compression to Compromise: Unmasking Zip File Threats

Deep dive into zip file attacks and mitigations (with examples!).

2024‑02‑15

10 minute read

HKCERT CTF 2023 – Decompetition: Vitamin C++

A beginner-friendly writeup to reverse-engineering C++ a lá decompetition. Years of complex shenanigans condensed!

2023‑11‑16

12 minute read

_^N[Subtype Metaprogramming_^] is _^N[Mostly Harmless_^]

Inheritance go brrrrrrrr... abusing turing-complete typesystems to write fun programs in Python.

2023‑10‑02

13 minute read

HITCON 2023 – The Blade

Beginner-friendly writeup for a nifty Rust reversing challenge.

2023‑09‑20

13 minute read

GDB/GEF Cheatsheet

Quick command reference on one of the most powerful tools for dynamic analysis.

2023‑09‑11

7 minute read

DUCTF 2023 – Wrong Signal

You straight to oops(). Right away.

2023‑09‑04

3 minute read

The HKUST Firebird CTF Team

Experiences and reflections journeying with the HKUST Firebird CTF Team.

2023‑05‑29

4 minute read

Remorse

Hiding messages with counterpoint.

2023‑01‑27

2 minute read

HKCERT CTF 2022 – C++harming Website

A harming website? Hope it doesn't harm my sleep!

2022‑11‑15

5 minute read

HKCERT CTF 2022 – Base64 Encryption

Frequency analysis with a touch of heuristics.

2022‑11‑14

5 minute read

DownUnderCTF 2022 – ezpz-rev

Grid puzzles aren't that easy.

2022‑09‑28

9 minute read

TAMUctf 2022 – CTF Sim

Oops, your vpointer was redirected.

2022‑04‑24