https://github.com/xenonminer.png

Cyber/CTF Blog

RITSEC CTF 2025

My Solves/Writeups

Forensics

Challenge NameDifficultyPointsWriteup
forensics/banksmanmedium471jump

Web

Challenge NameDifficultyPointsWriteup
web/virtual-mayhemeasy419jump
web/upload-issuesmedium483jump

Pwn

Challenge NameDifficultyPointsWriteup
pwn/bit-burgereasy467jump
pwn/hashmatchmedium499jump

Jail

Challenge NameDifficultyPointsWriteup
jail/shrimpleeasy494jump
jail/setieasy496jump

Writeups

forensics/banksman

Our professor received a report from an unfamiliar student. With his experience, the professor realized that this report was abnormal. He immediately used this file for our research assignment. Let’s analyze whether there is anything mysterious embedded in it!

Offensive Certifications Part 1

Introduction

In the past 6 months, I have been working on and achieved 3 certifications related to offensive security. The 3 certifications are Certified Penetration Testing Specialist (CPTS), Certified Bug Bounty Hunter (CBBH), and Certified Red Team Operator (CRTO) from HackTheBox and Zero-Point Security. This blog post will be detailing my experiences through these certifications and as a comparison.

CPTS

The Certified Penetration Testing Specialist (CPTS) certification was the first certification I achieved. The certification was a great introduction to pentesting web and network applications.

sunshineCTF 2024

My Solves/Writeups

I-95 (Quick Pwn)

Challenge NameDifficultyPointsWriteup
i-95/MelbourneEasy10jump
i-95/Cape CanaveralEasy10jump
i-95/Palm BeachMedium10jump
i-95/Fort PierceMedium10jump
i-95/JupiterMedium86jump

Writeups

i-95/Melbourne

Drive on down the I-95 to your favorite cities along the way! First up: Melbourne!

Attachments: melbourne

nc 2024.sunshinectf.games 24601

Solution

Looking at the code from the disassembly, we can see that we are trying to modify s1 to be 0xdeadbeef without direct access to the variable.

Scorpio Linux Setup

Description

In this blog post, you will learn how to setup the Scorpio Scoring Engine for Linux OSes.

What is Scorpio?

Scorpio is a Python-based scoring engine created to score image vulnerabilities. Scorpio checks if a vulnerability has been fixed and gives live feedback to the students.

How does Scorpio work?

The image creator (you) will implement vulnerabilities onto a virtual machine and record them onto engine.py which runs every 30 seconds. As the students secure the system, the scoring engine will update Template.html (Scoring Report) to display the fixed vulnerabilities.

WRECKCTF 2022

My Solves/Writeups

Rev

Challenge NameDifficultyPointsWriteup
rev/flag-checkereasy235jump
rev/advanced-flag-checkereasy343jump
rev/reversereasy374jump

Writeups

rev/flag-checker

I implemented this simple flag checker—can you decompile it and get the right flag?

Attachments: chal

Solution

Open in ida and follow the ida variable indexes in order and get the flag

DownUnder CTF 2022

My Solves/Writeups

Pwn

Challenge NameDifficultyPointsWriteup
pwn/babyp(y)wnbeginner50jump

Rev

Challenge NameDifficultyPointsWriteup
rev/source-providedbeginner50jump

DFIR

Challenge NameDifficultyPointsWriteup
dfir/Shop-Knock-Knock-Knockeasy50jump
dfir/Shop-Logging-for-what?easy50jump
dfir/Shop-I’m-just-looking!easy50jump
dfir/Shop-Oi!-Get-out-of-there!medium50jump

Writeups

pwn/babypywn

Python is memory safe, right?

Author: joseph#8210

Attachments: babypywn.py