Posts

International CTF Infrastructure Management

How to deploy a scalable and robust CTF infrastructure and the different issues we faced in FwordCTF 2020

CSAW CTF2020 - Web RTC Writeup

Web RTC (450pts) 39 solves. Last weekend, we took part in CSAW CTF 2020 and our team Fword ranked 4th in the MENA region. We managed to solve all web challenges with my awesome teammates @Hera and @Noxious, and we particularly enjoyed Web RTC.

FwordCTF 2020 - Web/Bash Writeups

Official writeups for FwordCTF2020 Web/Bash challenges

CSICTF 2k20 - Web Exploitation

Web exploitation writeups of CSICTF 2k20 - File Library Task and The Unusual Suspects Web tasks

How I hacked a famous pizza vendor in Tunisia?

Generally I'm not a fan of bug bounty programs, but this time I tried to test my skills in a real-world scenario and take part in securing some Tunisian websites, as they lack a lot of things in terms of security :D It was 11 pm and I was sitting at my laptop, like always, doing an annoying Java homework for school when I felt hungry :( and by accident an X pizza (we will call it X pizza as I was asked not to reveal the company name) ad caught my eye on Facebook.

Detailed Writeups - Binary Exploitation

Detailed binary exploitation writeups from UMD CTF and WPICTF: heap-based overflow and format string vulnerability.

HackZone VIII - Web Writeups

Web writeups for Hackzone VIII CTF

Midnight Sun CTF Quals 2020 - Pwn Writeups

pwn1 (70pts) It was a ret2libc task, but we first had to leak the libc base address using a BOF (I leaked it through the printf address), then we return to main and perform our ret2 System :D Here is my exploit; if you have any questions you can contact me on Twitter @BelkahlaAhmed1

TAMU CTF 2020 - Pwn Writeups

B64DECODER (244pts) This won't be a detailed writeup; however, in this task we have a clear format string vulnerability (line 23) and a leak of the a64l function address

The After Prequal - Securinets Quals 2k20

The after-Prequal (971pts) (19 Solves) This task was so fun and I learned new things from it. We are given a website with a search functionality, and after testing a single quote injection we had an SQL error, so let's start the exploitation of the famous SQL injection :D