RealWorld CTF 2023 Writeup
Another writeup for the RealWorld 2023 CTF. Here are the baby-level and normal-level challenges, but they are actually not easy at all.
Understanding the Heap - a beautiful mess
In this blog, I am going to explain the important concepts of the heap, using ptmalloc in the glibc 2.31 library as an example. The heap is a beautiful mess :)
snykCTF 2022 Writeup
This is the writeup for snykCTF 2022, which provided so many interesting web challenges. I took it as an opportunity to learn more about various web security topics, which is why I spent time going through all the challenges again. I hope you find this writeup informative and enjoyable!
DEADFACE CTF 2022 Writeup
Another writeup for the really interesting CTF game I played last weekend! Luckily, I found a prototype pollution challenge in the game.
Google XSS Game Exploit & Patch
Hi, here are six easy but interesting XSS games hosted by Google. This blog records the writeup, how to patch these vulns, and CSP-based protection strategies. More importantly, I summarized the browser parsing process in terms of when each kind of decoding occurs.
A JS Beginner-Friendly Introduction to Prototype Pollution
This blog aims to summarize everything about the JavaScript-specific vulnerability, prototype pollution: the necessary knowledge about JavaScript, what the prototype and prototype chain are, how to exploit the prototype pollution vulnerability, and several CTF challenges related to prototype pollution which might help in understanding all of this.
MapleCTF 2022 Pwn Warmup1&2 Writeup
This blog is the writeup of the two pwn challenges, warmup1 and warmup2, which were provided in the recent Maple CTF 2022. Though they are just warmups, I think they are really interesting, and the second one is kind of complex, so they are worth evaluating and summarizing.
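Samsung Security Tech Forum 2022 Writeup
The challenges in this competition were of very high quality, but unfortunately it lasted only one day and fell in the middle of the week, so I did not solve many challenges during the competition. Fortunately, the environment stays available for a while after the competition ends, so I simply studied all of the PWN challenges, hoping to fill in gaps and learn something.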
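S.H.E.L.L. CTF 2022 Writeup
We took part in this competition as Th3ee and finished 92nd out of 1092 participating teams. The challenges were on the easier side overall (Crypto, Forensic, Misc). Since there were no PWN challenges, I was mainly responsible for Forensics and other categories this time. It is worth mentioning that our Th3ee team logo is freshly released, so come in and take a look!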
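ASCWG CTF 2022 Writeup
This post is the writeup for the Arab Security Cyber Wargames 2022 competition. As a CTF held in the Arab countries, it showed that the cyber-security atmosphere in the Middle East is also very good, and there is a lot to learn from the exchanges. We finished 67th out of 737 participating teams. Sometimes you win, sometimes you learn.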