The Dangers of Exposed Azure Blobs

Mar 20, 2023 - by Marzano "Macmod"

Introduction Being one of the most widely used storage services on the web - probably only falling behind to AWS’s storage services - Azure storage accounts provide a simple and effective way of storing many kinds of data in the...

Azure , Blob , Data Analysis , Research , Storage Account

UTCTF 2023 - Cracking the Random

Mar 17, 2023 - by Neptunian

UTCTF is maintained by the Information & Systems Security Society at the University of Texas at Austin. Since I’m not a Python Jail Houdini like Alisson, my solution was WAY, WAY harder than most (or all) teams. But since it...

Capture the Flag , Web , Writeup

Mining Takeovers for Fun and Profit

Mar 1, 2023 - by Marzano "Macmod"

Introduction This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decomissioned, but active domains. In this experiment I will show how I was able to find...

Data Analysis , DNS , DNS Takeover , Research , Subdomain Takeover , Takeover

HackTM CTF 2023 - cs2100 write-up

Feb 19, 2023 - by Alisson "Infektion" Bezerra

The Event HackTM CTF was an event hosted by WreckTheLine. It was a really nice event and there were some very cool challenges. As it is Carnival in Brazil, my teammates was not going to play and I decided to...

Capture the Flag , Pwnable , Reverse Engineering , Writeup

NahamCon EU CTF 2022 - Welcome to Web3!

Dec 19, 2022 - by Daniel "Dan_Ps" Patricio

The event NahamCon EU CTF started on December 16th and lasted 24 hours. It had all the most common types of challenges such as web, pwn, reverse, crypto, etc. I could not play the entire event, so I dedicated most...

Capture the Flag , Solidity Programming Language , Web3 , Writeup

RCTF 2022 - Hacking File Uploads

Dec 10, 2022 - by Neptunian

RCTF 2022 is a Jeopardy-style Online Capture The Flag Competition presented by ROIS(Researcher Of In-formation Security). The Champion Team of RCTF 2022 will be invited to The Finals of the 8th Edition of XCTF. It is hosted by XCTF, which...

Capture the Flag , Web , Writeup

Explorando SQL Injection no INSERT - BHack CTF 2022 - Jogo da Velha - [PT-BR]

Dec 10, 2022 - by Neptunian

Tive o grande prazer de participar do evento de segurança BHack 2022 e ajudar na organização do CTF, incluindo a elaboração de dois desafios. Neste write-up, explico o desafio web Jogo da Velha e o método proposto de solu.. hacking...

Capture the Flag , Web , Writeup

Google CTF 2022 - Segfault Labyrinth

Aug 9, 2022 - by j3r3mias

Introduction In this write-up I will describe the journey to finish one of the challenges from Google CTF 2022 called Segfault Labyrinth in the reversing engineering miscellaneous category. The idea of this write-up is to cover mainly how to approach...

Capture the Flag , Miscellaneous , Pwnable , Shellcode , Writeup

WeCTF 2022 - Google Wayback

Jun 20, 2022 - by Neptunian

This is the 3rd edition of WeCTF and this is the only CTF I’m following since the begining - because I started playing in 2020 - and it’s one of my favorites, since I’m a big Web Hacking fan :)...

Capture the Flag , Web , Writeup

SEETF 2022 - Username Generator

Jun 20, 2022 - by Neptunian

SEETF is a cybersecurity Capture the Flag competition hosted by the Social Engineering Experts CTF team. Altough the name is about Social Engineering, I worked on some really fun web challenges. This was a simple one, but with a tricky...

Capture the Flag , Web , Writeup