Intigriti's December challenge by protag

Dec 20, 2023 - by Neptunian

Intigriti brings us monthly web challenge with really interesting problems. The Challenge This challenge was mostly the same of the 1337up CTF 2023, called Smarty Pants, which I solved :) It comes with the following PHP source: <?php if(isset($_GET['source'])){ highlight_file(__FILE__);...

Capture the Flag , Web , Writeup

SEKAI CTF 2023 - Web Writeups - Frog-WAF and Chunky

Sep 7, 2023 - by Neptunian

SekaiCTF is a Capture The Flag event hosted by Team Project Sekai, with some hardcore members of CTF Community. Web challenges were fun. Worked in 3, solved 2. Challenge: Frog-WAF (29 solves) That was a hell of a teamwork with...

Capture the Flag , Web , Writeup

corCTF 2023 - harem-scarem write-up

Aug 6, 2023 - by Alisson "Infektion" Bezerra

Hello, folks! It’s been a long time since my last write-up and there goes a short one. Harem scarem was a cool challenge from corCTF. It was a pwnable challenge, at first sight, We though it was about some fancy...

Capture the Flag , Hare programming language , Pwnable , Writeup

corCTF 2023 - 3 Web Challenges

Aug 3, 2023 - by Neptunian

corCTF is maintained by the Crusaders of Rust Team. The 2023 edition happened between 28 and 30-JUL. This is a great CTF for Web with some really hard and creative challenges. I worked on 4 challenges and solved 3. Challenge:...

Capture the Flag , Web , Writeup

The Dangers of Exposed Azure Blobs

Mar 20, 2023 - by Marzano "Macmod"

Introduction Being one of the most widely used storage services on the web - probably only falling behind to AWS’s storage services - Azure storage accounts provide a simple and effective way of storing many kinds of data in the...

Azure , Blob , Data Analysis , Research , Storage Account

UTCTF 2023 - Cracking the Random

Mar 17, 2023 - by Neptunian

UTCTF is maintained by the Information & Systems Security Society at the University of Texas at Austin. Since I’m not a Python Jail Houdini like Alisson, my solution was WAY, WAY harder than most (or all) teams. But since it...

Capture the Flag , Web , Writeup

Mining Takeovers for Fun and Profit

Mar 1, 2023 - by Marzano "Macmod"

Introduction This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decomissioned, but active domains. In this experiment I will show how I was able to find...

Data Analysis , DNS , DNS Takeover , Research , Subdomain Takeover , Takeover

HackTM CTF 2023 - cs2100 write-up

Feb 19, 2023 - by Alisson "Infektion" Bezerra

The Event HackTM CTF was an event hosted by WreckTheLine. It was a really nice event and there were some very cool challenges. As it is Carnival in Brazil, my teammates was not going to play and I decided to...

Capture the Flag , Pwnable , Reverse Engineering , Writeup

NahamCon EU CTF 2022 - Welcome to Web3!

Dec 19, 2022 - by Daniel "Dan_Ps" Patricio

The event NahamCon EU CTF started on December 16th and lasted 24 hours. It had all the most common types of challenges such as web, pwn, reverse, crypto, etc. I could not play the entire event, so I dedicated most...

Capture the Flag , Solidity Programming Language , Web3 , Writeup

RCTF 2022 - Hacking File Uploads

Dec 10, 2022 - by Neptunian

RCTF 2022 is a Jeopardy-style Online Capture The Flag Competition presented by ROIS(Researcher Of In-formation Security). The Champion Team of RCTF 2022 will be invited to The Finals of the 8th Edition of XCTF. It is hosted by XCTF, which...

Capture the Flag , Web , Writeup