Latest posts


02 Oct 2023

coding ctfs

pwn, web, cloud, rev, forensics, crypto

TISC'23 Writeups

Palindrome, everyone’s favourite cybercrime syndicate, is back for TISC 2023. I managed to solve all 10 challenges this year and clinch 2nd place. Here are my write-ups for all 10 levels. Level 1: Disk Archaeology Level 2: XIPHEREHPIX’s Reckless Mistake Level 3: KPA Level 4: Really Unfair Battleships Game Level 5: PALINDROME’s Invitation Level 6: 4D Level 7: The Library Level 8: Blind SQL Injection Level 9: PalinChrome Level 10: dogeGPT Final remarks


03 Sep 2023

coding ctfs

pwn

DUCTF'23 Writeups

Over the weekend, I played DownUnderCTF with my team, Social Enginner Experts, placing 6th overall.


12 Jun 2023

coding ctfs

pwn

SEETF'23 Author Writeups

This weekend, Social Engineering Experts (SEE) held its inaugural SEETF. Here are my write-ups for the challenges I authored. I am aware of the (multiple) unintended solutions, but thought it would be good to document my intended solutions. Thanks to everyone who played!


21 May 2023

coding ctfs

pwn, rev

GreyCTF pwn write-ups

Over the weekend, I played GreyCTF with Social Engineering Experts, placing 1st locally and 8th internationally. Having not touched CTFs for ages due to NS, I was a bit rusty, but luckily the challenges were nice twists on simple concepts, offering a pleasant mix of difficulty. I focused on the pwn category and cleared it, save for the first “baby pwn” challenge that my teammate solved. Here are the write-ups for the challenges I solved.


05 Mar 2023

coding misc

pwn, rev, cve

ImageMagick CVE-2020-10251: Exploitation

This is part 2 in the series on the ImageMagick vulnerability CVE-2020-10251. Part 1 discusses how to trigger the vulnerability and touches on how to recover the OOB heap data. This part will look at crafting suitable exploit files and exfiltrating useful information from the heap, making use of a self-made fuzzing tool to find viable trigger files. The focus of this part shifts from the analysis perspective in part 1 to exploitation.


05 Mar 2023

coding misc

pwn, rev, cve

ImageMagick CVE-2020-10251: Vulnerability analysis

In the past, I had done some research in the automated detection of vulnerabilities in binaries. There were a few vulnerabilities that I used as a benchmark for my algorithm to detect, one of which was CVE-2020-25674. This CVE was a bug in ImageMagick, “a widely deployed, general purpose image processing library written in C, most commonly used to resize, transcode or annotate user supplied images on the web… Given its maturity, performance and permissive licencing, ImageMagick is commonly employed for backend image processing for most consumer related software that deal with images” (Ben Simmonds). This bug allowed for an out-of-bounds (OOB) read on the heap. On Github, there were many such closed issues with a proof-of-concept (POC) exploit image file and sometimes, sanitiser logs. With work freeing up recently, I decided to explore some of these vulnerabilities and see how exploitable they were. In this post, we will focus our efforts on CVE-2020-10251, the most recent issue on the ImageMagick repository with the “Bug” label.


21 Jan 2023

philosophy

humour, BVT

On funny things

I believe that humour is an important part of many relationships, and sadly, its importance is often overlooked. Many great friendships are built on humour, and humour can also help break the ice between new acquaintances. You need look no further than schoolchildren to see the importance of humour in social settings. Apart from informal settings, humour also has a place in formal settings – it reduces stress and builds rapport. Furthermore, aside from humour’s immediate effect of mirth, it is also a good indicator of other qualities present in a relationship: trust, authenticity and understanding.


23 Oct 2022

coding ctfs

pwn, rev

JadeCTF pwn & rev write-ups

I participated in JadeCTF over the weekend. Having put CTFs on hold for some time for school, these challenges were a nice refresher for me. For these write-ups, I won’t be diving too deep into the details. Instead, I’ll mainly be focusing on the high-level method used to solve the challenges, and certain tricks along the way.


31 Aug 2022

coding ctfs

pwn, web, cloud, rev, forensics, crypto

CSIT TISC 2022 Write-ups

TISC (The InfoSecurity Challenge) 2022, organised by CSIT, was a CTF held over 17 days. Eager to escape my exam prep, I spent the first few days trying the challenges :) I solved the first 6 challenges in the first week before deciding to resume my studying… The challenges are harder than your typical CTF challenges, often requiring multiple exploits to get the flag. It was a fun and difficult CTF, getting me to explore categories outside my usual since we weren’t allowed teams. In the end, I placed 7th


25 Jun 2022

coding ctfs

pwn

CDDC Write-ups (ring 3 pwn)

I felt that these ring’s challenges were quite fun, requiring some creative thinking to solve. There was one last challenge in this category which my team didn’t manage to solve (blackbox FSB pwn). You can find the relevant binaries in this repo.


25 Jun 2022

coding ctfs

pwn

CDDC Write-ups (ring 4 pwn)

These 3 challenges had a wide variation in difficulty, but were all worth 100 points each (static scoring). You can find the relevant binaries in this repo.


25 Jun 2022

coding ctfs

pwn

CDDC Write-ups (ring 5 pwn)

In the recent Cyber Defenders Discovery Camp (CDDC) organised by DSTA, my team “Avocado_Milk” came in 4th with an overall score of 6180 - maybe one day I’ll get that podium finish :). Here are the write-ups for the challenges I solved during the CTF. I’ll be releasing my rev write-ups as well, but there’s not much chance for the web write-ups since the CTF organisers took all the servers down immediately. I’ll also include other interesting crypto/misc/programming challs.