Hi everyone! NahamCon CTF 2022 was held from 29/4-30/4. This babyrev challenge is on reversing the encoded flag to decode it. Let’s get started! Files provided babyrev You can download by reversed engineered IDA Freeware 7.7 database file for babyrev here. Overview We can see in the main(), it will prompt us for a username […]
Hi everyone! This post is on DCTF 2022’s Codechainz which is a fairly easy pwn challenge. This challenge has a buffer overflow (BoF) vulnerability and requires us to jump to a space created by mmap() which is executable. However, there is a shellcode size limit due to the space available. Let’s get started! Files provided […]
Hi everyone! This post is on BKSEC 2022 CTF which was held in early April this year. I only attempted the pwn category as I was feeling lazy to try out the others. The pwn challenges tested on arbitrary write via array out of bound (OOB), stack alignment on x64 programs, and bypassing integer inputs […]
Hi everyone! Today’s write-up is on CTF.SG 2022. It is a 24 hours CTF hosted over the weekend (12-13/3/2022) with many different categories such as Sanity, Web, Pwn, Cryptography, Reverse Engineering, and Misc. I did not have time to solve many challenges as I needed my sleep. This CTF definitely isn’t easy, especially for reverse […]
Hi everyone! Today’s post is on Little Tommy, a medium challenge on HackTheBox which was created on 27th September 2017. However, this challenge is actually quite easy and straightforward. The only difficult part is to identify the vulnerability which is Use-after-Free (UaF). Once you know it, obtaining the flag is very straightforward. Let’s get started! […]
Dear readers, Today’s reading is on HackyBird, a game-based Reverse Engineering challenge. It was created on 19th December 2020. Let’s get started! Files given HackyBird.exe (32-bits) You may also download the IDA database where I renamed some of the functions during reverse engineering here. Tools required Cheat Engine IDA Pro (or any other WIndows supported […]
Lamecarrot 
You must be logged in to post a comment.