• https://ctftime.org/event/2673
• March 21 - March 23

My Solves/Writeups

Forensics

Web

Pwn

Jail

Writeups

forensics/banksman

Our professor received a report from an unfamiliar student. With his experience, the professor realized that this report was abnormal. He immediately used this file for our research assignment. Let’s analyze whether there is anything mysterious embedded in it!

Introduction

In the past 6 months, I have been working on and achieved 3 certifications related to offensive security. The 3 certifications are Certified Penetration Testing Specialist (CPTS), Certified Bug Bounty Hunter (CBBH), and Certified Red Team Operator (CRTO) from HackTheBox and Zero-Point Security. This blog post will be detailing my experiences through these certifications and as a comparison.

CPTS

The Certified Penetration Testing Specialist (CPTS) certification was the first certification I achieved. The certification was a great introduction to pentesting web and network applications.

• https://ctftime.org/event/2485
• Oct 19 - Oct 21

My Solves/Writeups

I-95 (Quick Pwn)

Writeups

i-95/Melbourne

Drive on down the I-95 to your favorite cities along the way! First up: Melbourne!

Attachments: melbourne

nc 2024.sunshinectf.games 24601

Solution

Looking at the code from the disassembly, we can see that we are trying to modify s1 to be 0xdeadbeef without direct access to the variable.

Description

In this blog post, you will learn how to setup the Scorpio Scoring Engine for Linux OSes.

What is Scorpio?

Scorpio is a Python-based scoring engine created to score image vulnerabilities. Scorpio checks if a vulnerability has been fixed and gives live feedback to the students.

How does Scorpio work?

The image creator (you) will implement vulnerabilities onto a virtual machine and record them onto engine.py which runs every 30 seconds. As the students secure the system, the scoring engine will update Template.html (Scoring Report) to display the fixed vulnerabilities.

• https://ctftime.org/event/1775
• Sep 30 to Oct 02
• Played with wackers
• Ranking: 74/524 with 3275 points

My Solves/Writeups

Rev

Writeups

rev/flag-checker

I implemented this simple flag checker—can you decompile it and get the right flag?

Attachments: chal

Solution

Open in ida and follow the ida variable indexes in order and get the flag

• https://ctftime.org/event/1625
• Sep 23 to Sep 25
• Played with wackers
• Ranking: 392/1407 with 750 points

My Solves/Writeups

Pwn

Rev

DFIR

Writeups

pwn/babypywn

Python is memory safe, right?

Author: joseph#8210

Attachments: babypywn.py