Bypassing freeRASP Callbacks - Flag Validator Write Up - CTF BHack 2024

Dec 5, 2024 - by Luca "regne"

Introduction The FireShell Security Team was responsible for BHack CTF for one more year, and this year was my first time creating challenges. After thinking about and researching an interesting mobile challenge, I discovered an interesting trick to bypass freeRASP,...

Capture the Flag, Mobile, Writeup

Intigriti's August challenge by CryptoCat

Aug 14, 2024 - by Neptunian

Intigriti keeps challenging us with XSS fun time, this time with a challenge by CryptoCat. I had a great time doing it. This writeup follows the line of thinking of solving the challenge from zero, so it will be easier...

Capture the Flag, Web, Writeup

corCTF 2024 - Challenge Dev write-up

Aug 14, 2024 - by Marzano "Macmod"

corCTF is maintained by the Crusaders of Rust Team. The 2024 edition happened between 27/07/2024 and 29/07/2024. As usual, this was a great CTF with some really hard challenges. Although we couldn’t get this one in time for the CTF,...

Capture the Flag, Web, Writeup

Intigriti's December challenge by protag

Dec 20, 2023 - by Neptunian

Intigriti brings us a monthly web challenge with really interesting problems. The Challenge This challenge was mostly the same as the one in 1337up CTF 2023, called Smarty Pants, which I solved :) It comes with the following PHP source: <?php if(isset($_GET['source'])){ highlight_file(__FILE__);...

Capture the Flag, Web, Writeup

SEKAI CTF 2023 - Web Writeups - Frog-WAF and Chunky

Sep 7, 2023 - by Neptunian

SekaiCTF is a Capture The Flag event hosted by Team Project Sekai, with some hardcore members of CTF Community. Web challenges were fun. Worked in 3, solved 2. Challenge: Frog-WAF (29 solves) That was a hell of a teamwork with...

Capture the Flag, Web, Writeup

corCTF 2023 - harem-scarem write-up

Aug 6, 2023 - by Alisson "Infektion" Bezerra

Hello, folks! It’s been a long time since my last write-up and there goes a short one. Harem scarem was a cool challenge from corCTF. It was a pwnable challenge; at first sight, we thought it was about some fancy...

Capture the Flag, Hare programming language, Pwnable, Writeup

corCTF 2023 - 3 Web Challenges

Aug 3, 2023 - by Neptunian

corCTF is maintained by the Crusaders of Rust Team. The 2023 edition happened between 28 and 30-JUL. This is a great CTF for Web with some really hard and creative challenges. I worked on 4 challenges and solved 3. Challenge:...

Capture the Flag, Web, Writeup

The Dangers of Exposed Azure Blobs

Mar 20, 2023 - by Marzano "Macmod"

Introduction Being one of the most widely used storage services on the web - probably only falling behind AWS’s storage services - Azure storage accounts provide a simple and effective way of storing many kinds of data in the...

Azure, Blob, Data Analysis, Research, Storage Account

UTCTF 2023 - Cracking the Random

Mar 17, 2023 - by Neptunian

UTCTF is maintained by the Information & Systems Security Society at the University of Texas at Austin. Since I’m not a Python Jail Houdini like Alisson, my solution was WAY, WAY harder than most (or all) teams. But since it...

Capture the Flag, Web, Writeup

Mining Takeovers for Fun and Profit

Mar 1, 2023 - by Marzano "Macmod"

Introduction This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decommissioned, but active domains. In this experiment I will show how I was able to find...

Data Analysis, DNS, DNS Takeover, Research, Subdomain Takeover, Takeover