CTF

A Capture the Flag (CTF) is a competition where participants hunt for flags (pieces of text such as flag{some_unique_text_or_hopefully_meaningful_message}) hidden inside vulnerable executables, applications, files, and whatnot. These competitions are usually held in the jeopardy format, where each challenge is contained in a separate box and has a number of points attached.

It is a hacking competition, not in the sense of destroying things or developing lousy business ideas, but in breaking things apart to understand how they work and discovering new ways of doing things.

Thumbnail for Sharing is Caring: Arbitrary Code Execution for Breakfast
Thumbnail for Sharing is Caring: Arbitrary Code Execution for Breakfast

Sharing is Caring: Arbitrary Code Execution for Breakfast

Binary exploitation in C++, gadget mania, and a new form of deserialization attack.

2025‑10‑03
10 minute read
pwn cpp infosec
Thumbnail for Dynamic Views Loading – Abusing Server Side Rendering in Drogon
Thumbnail for Dynamic Views Loading – Abusing Server Side Rendering in Drogon

Dynamic Views Loading – Abusing Server Side Rendering in Drogon

What could go wrong releasing a C++ web server with "live reload" into the wild?

2024‑08‑18
8 minute read
infosec cpp web
Thumbnail for From Compression to Compromise: Unmasking Zip File Threats
Thumbnail for From Compression to Compromise: Unmasking Zip File Threats

From Compression to Compromise: Unmasking Zip File Threats

Deep dive into zip file attacks and mitigations (with examples!).

2024‑02‑15
7 minute read
infosec notes web
Thumbnail for HKCERT CTF 2023 – Decompetition: Vitamin C++
Thumbnail for HKCERT CTF 2023 – Decompetition: Vitamin C++

HKCERT CTF 2023 – Decompetition: Vitamin C++

A beginner-friendly writeup to reverse-engineering C++ a lá decompetition. Years of complex shenanigans condensed!

2023‑11‑16
8 minute read
reverse cpp tutorial
Thumbnail for N[Subtype Metaprogramming] is N[Mostly Harmless]
Thumbnail for N[Subtype Metaprogramming] is N[Mostly Harmless]

N[Subtype Metaprogramming] is N[Mostly Harmless]

Inheritance go brrrrrrrr... abusing turing-complete typesystems to write fun programs in Python.

2023‑10‑02
8 minute read
types python tutorial
Thumbnail for HITCON 2023 – The Blade
Thumbnail for HITCON 2023 – The Blade

HITCON 2023 – The Blade

Beginner-friendly writeup for a nifty Rust reversing challenge.

2023‑09‑20
6 minute read
reverse rust python
Thumbnail for GDB/GEF Cheatsheet
Thumbnail for GDB/GEF Cheatsheet

GDB/GEF Cheatsheet

Quick command reference on one of the most powerful tools for dynamic analysis.

2023‑09‑11
4 minute read
programming cheatsheet infosec
Thumbnail for The HKUST Firebird CTF Team
Thumbnail for The HKUST Firebird CTF Team

The HKUST Firebird CTF Team

Experiences and reflections journeying with the HKUST Firebird CTF Team.

2023‑05‑29
4 minute read
hkust reflection experience
Thumbnail for HKCERT CTF 2022 – C++harming Website
Thumbnail for HKCERT CTF 2022 – C++harming Website

HKCERT CTF 2022 – C++harming Website

A harming website? Hope it doesn't harm my sleep!

2022‑11‑15
4 minute read
reverse cpp writeup
Thumbnail for HKCERT CTF 2022 – Base64 Encryption
Thumbnail for HKCERT CTF 2022 – Base64 Encryption

HKCERT CTF 2022 – Base64 Encryption

Frequency analysis with a touch of heuristics.

2022‑11‑14
3 minute read
cryptography python writeup
Thumbnail for TAMUctf 2022 – CTF Sim
Thumbnail for TAMUctf 2022 – CTF Sim

TAMUctf 2022 – CTF Sim

Oops, your vpointer was redirected.

2022‑04‑24
6 minute read
pwn python cpp