Challenge Writeup on

PointerOverflow CTF 2024 – DF

Fri, 03 May 2024 00:00:00 +0000

0x00 – Prologue
#

Forensics challenges usually start out tame—bit of file carving, maybe some strings, or sleuthing around disk images. But sometimes, one of those USB dumps hits differently.

JWT Hunt – Iron CTF 2024

Tue, 23 Apr 2024 00:00:00 +0000

0x00 – Prologue
#

I like JWT bugs. They’re like puzzles where you know someone somewhere made a careless design call, and you just have to figure out where the glue fell apart. In this one, the challenge was called “JWT Hunt” and it lived up to the name. Turns out the devs had split the signing key into four parts and sprinkled them around the site like cryptographic breadcrumbs.

Binary Badlands – HTB University CTF 2024

Sun, 21 Apr 2024 00:00:00 +0000

0x00 – Prologue
#

I knew from the moment I saw “MD5” in the challenge description, things were about to get weird. Anyone who’s spent enough time around outdated crypto knows MD5 is a landmine. It’s fast, broken, and predictable in just the right (or wrong) ways. This challenge leaned all the way into that mess.

ZKPoF – HITCON CTF 2024

Sat, 09 Mar 2024 00:00:00 +0000

0x00 – Prologue
#

There are some challenges that punch you in the face with math. And then there are ones like this—“ZKPoF”—that slowly pull you in, pretending to be a protocol puzzle, until you realize Python’s int() is about to be your best friend and worst enemy. This was a zero-knowledge proof challenge… but with a twist. Instead of proving knowledge of a secret, I was exploiting the protocol for leaking just enough of it to reconstruct the whole damn secret.

One by One – LA CTF 2024

Sun, 18 Feb 2024 00:00:00 +0000

0x00 – Prologue
#

Brute-forcing a Google Form? Yeah, it sounds dumb until you realize the form is leaking state via some sneaky HTML fields. That’s when it turns into an actual side-channel attack and not just clicking buttons like a bot. This was one of those problems where you stare at Chrome DevTools long enough, and suddenly you’re deep in Puppeteer automations and page parity logic.

Hard Forensics – BlackHat MEA Quals 2023

Sat, 04 Nov 2023 00:00:00 +0000

Sometimes, you get a JPEG, and you just know it’s lying to you. It smiles at you innocently like any regular image, but as a hacker, you know better. So, I stared at the given JPEG for a moment — instinctively opened it in a hex editor. Why? Because standard images don’t end with a bunch of gibberish appended to them.

Challenge Writeup on

PointerOverflow CTF 2024 – DF

0x00 – Prologue #

JWT Hunt – Iron CTF 2024

0x00 – Prologue #

Binary Badlands – HTB University CTF 2024

0x00 – Prologue #

ZKPoF – HITCON CTF 2024

0x00 – Prologue #

One by One – LA CTF 2024

0x00 – Prologue #

Hard Forensics – BlackHat MEA Quals 2023

0x00 – Prologue
#

0x00 – Prologue
#

0x00 – Prologue
#

0x00 – Prologue
#

0x00 – Prologue
#