Well, here we go. This was the very first CTF event that I took part of while it was happening, and I'm quite proud of my results!
Most importantly, almost every challenge that I finished taught me a bunch of new concepts and techniques, and showcased what can be expected in the field of hunting vulnerabilities.
By the end of the 5-day ordeal I got to 357th place out of 4740 teams and more than 9500 players, and I'm very satisfied with such an outcome from my very first event of this type.
But, as I can now see, the learning process continues even after the event, in the form of writing write-ups! The much more level-headed approach of trying to explain and follow the process of finding the flags means that I get to see my ideas and techniques in a new light, and organise the tools and concepts much better.
Reading write-ups is also indisplensable, as there were quite a few other challenges that I was sure I was very near to solving, but never found out what I was missing. Reading other people's write-ups allowed me to see what I was did right or wrong, and how to improve on that.
So I hope you get that from reading these write-ups as well, and learn a few things from them, or at least see an another approach to solving the same problem.
Inspector Gadget - Cyberapocalypse 2021 CTF
An easy warm-up challenge in the style of a scavenger hunt
CaaS - Cyberapocalypse 2021 CTF
Exploiting curl running locally on the host, to get local file inclusion
miniSTRypalace - Cyberapocalypse 2021 CTF
Showcasing the importance of white-listing instead of black-listing commands and strings inside PHP
BlitzProp - Cyberapocalypse 2021 CTF
Exploring the interesting concept ot AST injection and prototype pollution, resulting in remote code exectution. And all of that because we use the wrong version of a library in node
E.Tree - Cyberapocalypse 2021 CTF
Blind XPATH injection with a slight twist
Wild goose hunt - Cyberapocalypse 2021 CTF
A challenge showcasing the weakness of improper handling of mongo queries
Emoji Voting - Cyberapocalypse 2021 CTF
This fun challenge showcases blind SQL injection inside of an ORDER BY clause
Passphrase - Cyberapocalypse 2021 CTF
A simple reverse-engineering challenge invoving stringcompare
Authenticator - Cyberapocalypse 2021 CTF
Reverse-engineering a binary, involving both stringcompare and a bit of XOR magic
Key Mission - Cyberapocalypse 2021 CTF
Having fun with USB Human Interface Devices, namely a keyboard. The twist was having to deal with the Shift key
Nintendo Base64 - Cyberapocalypse 2021 CTF
An easy warm-up cryptography challenge, dealing with multilayered base64 encoding and obfuscation
Soulcrabber - Cyberapocalypse 2021 CTF
A challenge written in Rust, showcasing using known seeds for pseudo-random number generators
Phasestream 1- Cyberapocalypse 2021 CTF
The first challenge of this series showcased XOR encryption with a 5-byte key
Phasestream 2 - Cyberapocalypse 2021 CTF
Still on the topic of XOR, this time using a 1-byte key, but hiding the real flag in a list of 9999 different strings
Phasestream 3 - Cyberapocalypse 2021 CTF
A challenge showcasing the devastating effects of reusing keystreams in AES encryption
Phasestream 4 - Cyberapocalypse 2021 CTF
A direct follow-up of the previous challenge, introducing a bit of a guessing game
Alien Camp - Cyberapocalypse 2021 CTF
A fun scripting challenge involving the automatic handling of
nc based services
Input as a Service - Cyberapocalypse 2021 CTF
input() in python2.x is scary by default
Thank you for reading!
The information in this blog, as well as all the tools, apps and libraries I develop are currently open source.
I would love to keep it this way, and you can help!
You can buy me a coffee from here, which will go towards the next all-nighter I pull off!
Or you can support me and my code monthly over at Github Sponsors!