• HITB CTF 2016: 'Special Delivery' writeup

    Just a small writeup for “Special Delivery” (network 300) from HITB CTF 2016.

  • CONFidence 2016 Teaser 'spkac' writeup

    This is a writeup for the “spkac” challenge from the CONFidence 2016 Teaser CTF. It was a cryptography challenge worth 200 points.

  • 32C3 CTF: Ranger writeup

    ranger was a pwnable worth 400 points during 32C3 CTF 2015. This is just a brief writeup of my solution, mostly to document a few things (in particular seccomp, which I’ve wanted to document for some time now).

  • 32C3 CTF: Docker writeup

    docker was a pwnable worth 250 points during 32C3 CTF 2015. The goal was to escape from a (slightly non-standard) docker container configuration.

  • CSAW 2015 - 'memeshop' writeup

    ‘memeshop’ was a pwnable worth 400 points in the latest CSAW CTF.

  • DEFCON 2015 Qualifiers 'babyecho' writeup

    This is my writeup for the “babyecho” challenge from the DEFCON 2015 Qualifiers. It was worth 1 Point. (That’s probably the reason for the name babyecho.) Anyway, since this was my first time exploiting a format string vulnerability, I wanted to make a writeup.

  • Squareroots & KITCTF at GPN15

    This announcement was intentionally left german.

  • PlaidCTF 2015 - TP writeup

    tp was an exploitation challenge consisting of two parts, in total woth 620 points. For PlaidCTF we (KITCTF) teamed up with StratumAuhuur as “Eat Sleep Pwn Repeat” and me and Stephen worked together to solve this challenge during the CTF.

  • Advanced Heap Exploitation: 0CTF 2015 'freenote' writeup

    freenote was a pwnable worth 400 points during 0CTF 2015.

  • Boston Key Party 2015 'Wood Island' writeup

    Originally, I wanted to write up the write-up for the airport challenge, but since Niklas has already done that, I’m doing the Wood Island challenge instead. It was worth 150 points on the Boston Key Party 2015.

  • Smashing the Potato: Codegate 2015 'mashed_potato' writeup

    mashed_potato was a pwnable worth 600 points during Codegate CTF 2015.

  • Boston Key Party 2015 'Sullivan Square' writeup

    Sullivan Square was a reversing challenge worth 350 points at the Boston Key Party CTF 2015.

  • Boston Key Party 2015 'Airport' writeup

    Airport was a cryptography challenge worth 500 points at the Boston Key Party CTF 2015.

  • GITS 2015 CTF 'aart' writeup

    aart was a web challenge worth 200 points at the 2015 GITS CTF. There were several ways to solve it, three of which will be described here.

  • GITS 2015 CTF 'giggles' writeup

    giggles was an exploitation challenge worth 300 points at the “Ghost in the Shellcode” CTF 2015.

  • InsomniHack Teaser - elysium writeup

    Just a quick writeup for the elysium (200pts) challenge from the InsomniHack Teaser CTF 2015. We ended up making the 6th place during the CTF :)

  • 31C3 CTF 'saas' writeup

    saas was an exploitation challenge worth 50 points at the 31C3 CTF.

  • 31C3 CTF 'mynx' writeup

    tl;dr 1 byte overwrite => use after free condition => information leak through a format string. Combined again with the first two steps to gain code execution via a controlled call to system().

  • 31C3 CTF 'devilish' writeup

    devilish was a web challenge worth 30 points at the 31C3 CTF.

  • Basic Tools

    CTFs are about the skill, not about the tools. Still, you’ll need a couple of tools to be successful.
    In general a good advice is to get used to working with the OS shell. There’s really a lot of things you can do very quickly and effectively if you know your way around bash/zsh/your_favourite_shell_here and python or your_favourite_scripting_language_here.

  • 9447 CTF 2014 'europe' writeup

    During 9447 CTF 2014, europe was a series of 3 exploitation challenges, all using the same binary. Each one would yield a different flag and in total those three flags where worth 700 points (200, 120, 380).

  • Staying up-to-date in infosec

    tl;dr just subscribe to r/netsec on reddit.
    The following is a list of sources to help you stay up-to-date in infosec. If you’re just starting out it probably still can’t hurt to read some of the posts and try to understand them. More often than not they’ll also point you to introductory resources for the topic.

  • Getting Started with CTF

    We’ve created a small guide to get you started with CTF and more or less infosec in general. There are a few selected resources for each of the major CTF disciplines that should help you get up to speed in those.

subscribe via RSS