Dec 5, 2024 - by Luca "regne"
Introduction The FireShell Security Team was responsible for BHack CTF for one more year, and this year was my first time creating challenges. After thinking about and researching an interesting mobile challenge, I discovered an interesting trick to bypass freeRASP,...
Capture the Flag, Mobile, Writeup
Aug 14, 2024 - by Neptunian
Intigriti keeps challenging us with XSS fun time, this time with a challenge by CryptoCat. I had a great time doing it. This writeup follows the line of thinking of solving the challenge from zero, so it will be easier...
Capture the Flag, Web, Writeup
Aug 14, 2024 - by Marzano "Macmod"
corCTF is maintained by the Crusaders of Rust Team. The 2024 edition happened between 27/07/2024 and 29/07/2024. As usual, this was a great CTF with some really hard challenges. Although we couldn’t get this one in time for the CTF,...
Capture the Flag, Web, Writeup
Dec 20, 2023 - by Neptunian
Intigriti brings us a monthly web challenge with really interesting problems. The Challenge This challenge was mostly the same as the 1337up CTF 2023, called Smarty Pants, which I solved :) It comes with the following PHP source: <?php if(isset($_GET['source'])){ highlight_file(__FILE__);...
Capture the Flag, Web, Writeup
Sep 7, 2023 - by Neptunian
SekaiCTF is a Capture The Flag event hosted by Team Project Sekai, with some hardcore members of the CTF Community. Web challenges were fun. Worked on 3, solved 2. Challenge: Frog-WAF (29 solves) That was a hell of a teamwork with...
Capture the Flag, Web, Writeup
Aug 6, 2023 - by Alisson "Infektion" Bezerra
Hello, folks! It’s been a long time since my last write-up and there goes a short one. Harem scarem was a cool challenge from corCTF. It was a pwnable challenge, at first sight, we thought it was about some fancy...
Capture the Flag, Hare programming language, Pwnable, Writeup
Aug 3, 2023 - by Neptunian
corCTF is maintained by the Crusaders of Rust Team. The 2023 edition happened between 28 and 30-JUL. This is a great CTF for Web with some really hard and creative challenges. I worked on 4 challenges and solved 3. Challenge:...
Capture the Flag, Web, Writeup
Mar 20, 2023 - by Marzano "Macmod"
Introduction Being one of the most widely used storage services on the web - probably only falling behind AWS’s storage services - Azure storage accounts provide a simple and effective way of storing many kinds of data in the...
Azure, Blob, Data Analysis, Research, Storage Account
Mar 17, 2023 - by Neptunian
UTCTF is maintained by the Information & Systems Security Society at the University of Texas at Austin. Since I’m not a Python Jail Houdini like Alisson, my solution was WAY, WAY harder than most (or all) teams. But since it...
Capture the Flag, Web, Writeup
Mar 1, 2023 - by Marzano "Macmod"
Introduction This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decommissioned, but active domains. In this experiment I will show how I was able to find...
Data Analysis, DNS, DNS Takeover, Research, Subdomain Takeover, Takeover