Security and CTF write-ups

Reverse shell on a Node.js application

How we obtained a JavaScript reverse shell by exploiting a vulnerability in a Node.js application during a security assessment.

Nuit du Hack Quals 2016 - Secure File Reader

Alternative solution to the expected race condition of a vulnerable Linux binary.

CSAW CTF 2015 - Reverse 300 - FTP

Breaking a cryptographically weak hash function to generate a valid password and bypass authentication of an FTP server.

HackingWeek 2015 - Reverse 4

How we managed to solve a Keygenme with Python and Z3, a high-performance theorem prover.

HackingWeek 2015 - Network

Write-ups for the four Hacking Week 2015 Network challenges with Wireshark and Python.

HackingWeek 2015 - Forensic

Write-ups for the four Hacking Week 2015 Forensic challenges with Volatility and Rekall.

HackingWeek 2015 - Crypto 2

Breaking a weak 1024-bit RSA key by recovering primes through Fermat's factorization method.

HackingWeek 2015 - Crypto 1

Decryption of an ADFGVX ciphertext, breaking a transposition cipher used by the German Army during World War I.

BCTF 2015 - Securecom

Reverse engineering of a client and a server binary communicating through a COM object.

Boston Key Party 2015 - Riverside

Filter and decode USB mouse position data from a packet capture to recover the flag.

Boston Key Party 2015 - Haymarket

Translate the legacy method of programming using punch cards with a custom Python OCR.

Boston Key Party 2015 - Wellington

Recover the flag by intercepting and recording the dynamic library calls of a Linux binary.

Boston Key Party 2015 - Heath Street

Recover deleted files from a Linux ext4 file system and decompress one with KGB Archiver.

SECCON CTF 2014 - Crypto 100 - Easy Cipher

How to decrypt a simple multiple base character encoding ciphertext with Python.

9447 CTF 2014 - Web 100 - tumorous

How to discover and manually decompress a git object file from a web-accessible repository.

SU-CTF 2014 - Cryptography 100 - Huge key

Brute-force the key of a weak AES encryption implementation and decrypt the message.

SU-CTF 2014 - Steganography 100 - Hear with your eyes

Visualize a hidden message inside an audio file through its frequency spectrum.

CSAW CTF 2014 - Exploitation 400 - saturn

Exploitation of a vulnerable Challenge-Response-Authentication-Protocol Linux binary.

CSAW CTF 2014 - Web 300 - hashes

Steal the administrator cookie which contains the flag through an XSS vulnerability in jQuery.