{"version":1,"pages":[{"id":"r8kz7VVzZd0Pt2qAYyAK","title":"Zeyu's CTF Writeups","pathname":"/","siteSpaceId":"sitesp_yS7qL","emoji":"1f6a9","description":"Here you can find writeups from various CTFs that I've participated in."},{"id":"-MfLP-2icMB9KmZeoqBT","title":"STANDCON CTF 2021","pathname":"/my-challenges/standcon-ctf-2021","siteSpaceId":"sitesp_yS7qL","description":"STANDCON CTF is a Singaporean CTF competition for tertiary students.","breadcrumbs":[{"label":"My Challenges"}]},{"id":"-MfLRqt5xdRaKN2OaB5R","title":"Space Station","pathname":"/my-challenges/standcon-ctf-2021/space-station","siteSpaceId":"sitesp_yS7qL","description":"N-day Local File Inclusion (LFI) vulnerability in PHP-Proxy.","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"-MfLYKWuHdxBA02ho5Hq","title":"Star Cereal","pathname":"/my-challenges/standcon-ctf-2021/star-cereal","siteSpaceId":"sitesp_yS7qL","description":"PHP insecure deserialisation vulnerability","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"-MfM6Ath1aBfycW1pmot","title":"Star Cereal 2","pathname":"/my-challenges/standcon-ctf-2021/star-cereal-2","siteSpaceId":"sitesp_yS7qL","description":"Spoofable client IP address, SQL injection vulnerability","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"-MfMA9SgBTwYb2APiDwX","title":"Mission Control","pathname":"/my-challenges/standcon-ctf-2021/mission-control","siteSpaceId":"sitesp_yS7qL","description":"Format string vulnerability","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"-MfMMI-uzsonJf6Q_e_f","title":"Rocket Science","pathname":"/my-challenges/standcon-ctf-2021/rocket-science","siteSpaceId":"sitesp_yS7qL","description":"Code injection vulnerability in lambdaJSON","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"-MfMkTkf6EjtaCu3DvTX","title":"Space University of Interior Design","pathname":"/my-challenges/standcon-ctf-2021/space-university-of-interior-design","siteSpaceId":"sitesp_yS7qL","description":"SUID and Sudo misconfigurations","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"-MfMwa4wItHDPxFpzskI","title":"Rocket Ship Academy","pathname":"/my-challenges/standcon-ctf-2021/rocket-ship-academy","siteSpaceId":"sitesp_yS7qL","description":"RSA Chosen Ciphertext Attack","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"-MfNAp5A_o47H3hZM_J1","title":"Space Noise","pathname":"/my-challenges/standcon-ctf-2021/space-noise","siteSpaceId":"sitesp_yS7qL","description":"TCP covert channel using Morse Code","breadcrumbs":[{"label":"My Challenges"},{"label":"STANDCON CTF 2021"}]},{"id":"Vo3frMR4mNBTlbR5vMCv","title":"DEF CON CTF 2023 Qualifiers","pathname":"/2023/def-con-ctf-2023-qualifiers","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2023"}]},{"id":"oTazS3ImPFfxsVdT9dqN","title":"hxp CTF","pathname":"/2023/hxp-ctf","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2023"}]},{"id":"s5i1WAwkfIL8NxFltlHg","title":"true_web_assembly","pathname":"/2023/hxp-ctf/true_web_assembly","siteSpaceId":"sitesp_yS7qL","description":"From XSS to RCE in AsmBB v2.9.1","breadcrumbs":[{"label":"2023"},{"label":"hxp CTF"}]},{"id":"fFoqprILkCaUVpp0ZtnJ","title":"HackTM CTF Qualifiers","pathname":"/2023/hacktm-ctf-qualifiers","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2023"}]},{"id":"WUSpv7mkaXH8xXtIDiGL","title":"Crocodilu","pathname":"/2023/hacktm-ctf-qualifiers/crocodilu","siteSpaceId":"sitesp_yS7qL","description":"CSP bypass through unsupported www.youtube.com JSONP endpoint","breadcrumbs":[{"label":"2023"},{"label":"HackTM CTF Qualifiers"}]},{"id":"U5S3tmNckksZjxErnVJp","title":"secrets","pathname":"/2023/hacktm-ctf-qualifiers/secrets","siteSpaceId":"sitesp_yS7qL","description":"XS leak through cross-origin redirects — intended and unintended","breadcrumbs":[{"label":"2023"},{"label":"HackTM CTF Qualifiers"}]},{"id":"Jv0R8kLIZtvPUhYvyGec","title":"Hades","pathname":"/2023/hacktm-ctf-qualifiers/hades","siteSpaceId":"sitesp_yS7qL","description":"jQuery-facilitated XSS","breadcrumbs":[{"label":"2023"},{"label":"HackTM CTF Qualifiers"}]},{"id":"RoFvBdkiN7buPsWFv9eT","title":"niteCTF 2022","pathname":"/2022/nitectf-2022","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"pdploECvOjiczBVx7MUR","title":"Undocumented js-api","pathname":"/2022/nitectf-2022/undocumented-js-api","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"niteCTF 2022"}]},{"id":"wWGArtNiUyr683TKwcDV","title":"js-api","pathname":"/2022/nitectf-2022/js-api","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"niteCTF 2022"}]},{"id":"1Kq4muNna9u3XhmX8Ri2","title":"STACK the Flags 2022","pathname":"/2022/stack-the-flags-2022","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"hK2HjJK6hJ2MqAuH1SuB","title":"Secret of Meow Olympurr","pathname":"/2022/stack-the-flags-2022/secret-of-meow-olympurr","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"STACK the Flags 2022"}]},{"id":"HYdxfPQ27KmNYWo18Lk5","title":"The Blacksmith","pathname":"/2022/stack-the-flags-2022/the-blacksmith","siteSpaceId":"sitesp_yS7qL","description":"Python is weird.","breadcrumbs":[{"label":"2022"},{"label":"STACK the Flags 2022"}]},{"id":"u7DThmT2YXDUotu0F0Ma","title":"GutHib Actions","pathname":"/2022/stack-the-flags-2022/guthib-actions","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"STACK the Flags 2022"}]},{"id":"6Nyz3jpyRseSa51Q1CA0","title":"Electrogrid","pathname":"/2022/stack-the-flags-2022/electrogrid","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"STACK the Flags 2022"}]},{"id":"droDlZA3OmZAoi8EUdXq","title":"BeautyCare","pathname":"/2022/stack-the-flags-2022/beautycare","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"STACK the Flags 2022"}]},{"id":"iSX04MKAus6PPRILntbb","title":"LakeCTF Qualifiers","pathname":"/2022/lakectf-qualifiers","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"PeBzCfiA9hk5B95HKBXN","title":"People","pathname":"/2022/lakectf-qualifiers/people","siteSpaceId":"sitesp_yS7qL","description":"Base element CSP bypass","breadcrumbs":[{"label":"2022"},{"label":"LakeCTF Qualifiers"}]},{"id":"IrT04YwlrTmYJvyyouW3","title":"Clob-Mate","pathname":"/2022/lakectf-qualifiers/clob-mate","siteSpaceId":"sitesp_yS7qL","description":"DOM clobbering + request size denial of service","breadcrumbs":[{"label":"2022"},{"label":"LakeCTF Qualifiers"}]},{"id":"AGhxqxj09ygfH9DQWXMt","title":"So What? Revenge","pathname":"/2022/lakectf-qualifiers/so-what-revenge","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"LakeCTF Qualifiers"}]},{"id":"gEE1qbt2EcXqSNU3dlSj","title":"The InfoSecurity Challenge 2022","pathname":"/2022/tisc-2022","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"AVt9uykebc2zbbBKkMNK","title":"Level 1 - Slay The Dragon","pathname":"/2022/tisc-2022/level-1-slay-the-dragon","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"The InfoSecurity Challenge 2022"}]},{"id":"sWV93rZvVPG0orTcrecN","title":"Level 2 - Leaky Matrices","pathname":"/2022/tisc-2022/level-2-leaky-matrices","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"The InfoSecurity Challenge 2022"}]},{"id":"tXZ4x14ARn5Iz9YrcKhQ","title":"Level 3 - PATIENT0","pathname":"/2022/tisc-2022/level-3-patient0","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"The InfoSecurity Challenge 2022"}]},{"id":"3xYp0M1xwm7swpdU5nBo","title":"Level 4B - CloudyNekos","pathname":"/2022/tisc-2022/level-4b-cloudynekos","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"The InfoSecurity Challenge 2022"}]},{"id":"A3KhV14WXpq4UzXbdDOV","title":"Level 5B - PALINDROME's Secret (Author Writeup)","pathname":"/2022/tisc-2022/level-5b-palindromes-secret-author-writeup","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"The InfoSecurity Challenge 2022"}]},{"id":"gR6spMeOFP88csctrWrZ","title":"BalsnCTF 2022","pathname":"/2022/balsnctf-2022","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"BiePBfMEovj6V3EJqAC9","title":"2linenodejs","pathname":"/2022/balsnctf-2022/2linenodejs","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"BalsnCTF 2022"}]},{"id":"V8P0HnIPUj04012czXjU","title":"Health Check","pathname":"/2022/balsnctf-2022/health-check","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"BalsnCTF 2022"}]},{"id":"te1yL2HvItgt3EomIrlQ","title":"BSidesTLV 2022 CTF","pathname":"/2022/bsidestlv-2022-ctf","siteSpaceId":"sitesp_yS7qL","description":"BSidesTLV is one of Israel's leading cyber conferences for hackers and security researchers.","breadcrumbs":[{"label":"2022"}]},{"id":"VyMvgIkOlRbrlYDAIozm","title":"Smuggler","pathname":"/2022/bsidestlv-2022-ctf/smuggler","siteSpaceId":"sitesp_yS7qL","description":"HTTP Request Smuggling and Method Spoofing","breadcrumbs":[{"label":"2022"},{"label":"BSidesTLV 2022 CTF"}]},{"id":"JtyVEEApzsj1BNDOn7B8","title":"Wild DevTools","pathname":"/2022/bsidestlv-2022-ctf/wild-devtools","siteSpaceId":"sitesp_yS7qL","description":"Browser-based Port Scan + Puppeteer Remote Debugging","breadcrumbs":[{"label":"2022"},{"label":"BSidesTLV 2022 CTF"}]},{"id":"werDc0vNNfvIyh6FsGy0","title":"Tropical API","pathname":"/2022/bsidestlv-2022-ctf/tropical-api","siteSpaceId":"sitesp_yS7qL","description":"JavaScript Regex Shenanigans","breadcrumbs":[{"label":"2022"},{"label":"BSidesTLV 2022 CTF"}]},{"id":"CYTJSqPKap2y5kICe0OQ","title":"Grey Cat The Flag 2022","pathname":"/2022/grey-cat-the-flag-2022","siteSpaceId":"sitesp_yS7qL","description":"Organized by NUS Greyhats in collaboration with National Cybersecurity R&D Labs from Singapore.","breadcrumbs":[{"label":"2022"}]},{"id":"W5ulHhMH1ekuQY9KwS9H","title":"DEF CON CTF 2022 Qualifiers","pathname":"/2022/def-con-ctf-2022-qualifiers","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"YIBvw4AMvwapQJdI9tuv","title":"Securinets CTF Finals 2022","pathname":"/2022/securinets-ctf-finals-2022","siteSpaceId":"sitesp_yS7qL","description":"Organised by Securinets Club","breadcrumbs":[{"label":"2022"}]},{"id":"Iyb6pH29jKyCYizoBnNr","title":"StrUggLe","pathname":"/2022/securinets-ctf-finals-2022/struggle","siteSpaceId":"sitesp_yS7qL","description":"HAProxy HTTP Request Smuggling","breadcrumbs":[{"label":"2022"},{"label":"Securinets CTF Finals 2022"}]},{"id":"VXoiRgDwc4CVJBVrcOvO","title":"XwaSS ftw?","pathname":"/2022/securinets-ctf-finals-2022/xwass-ftw","siteSpaceId":"sitesp_yS7qL","description":"Content Security Policy bypass using base tag","breadcrumbs":[{"label":"2022"},{"label":"Securinets CTF Finals 2022"}]},{"id":"Te4r1eKMjH7vPe3HGw4I","title":"Strong","pathname":"/2022/securinets-ctf-finals-2022/strong","siteSpaceId":"sitesp_yS7qL","description":"Jinja2 SSTI filter bypass","breadcrumbs":[{"label":"2022"},{"label":"Securinets CTF Finals 2022"}]},{"id":"uJeDmTX8msZzbeGt49KZ","title":"Artist","pathname":"/2022/securinets-ctf-finals-2022/artist","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"Securinets CTF Finals 2022"}]},{"id":"g3vgjTL5Ww2VgL36QJoj","title":"NahamCon CTF 2022","pathname":"/2022/nahamcon-ctf-2022","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"ElOhds6b7erDFtSb15i4","title":"Flaskmetal Alchemist","pathname":"/2022/nahamcon-ctf-2022/flaskmetal-alchemist","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"3ux5aTGHzYo1NLvWtcFk","title":"Hacker TS","pathname":"/2022/nahamcon-ctf-2022/hacker-ts","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"Ip4kywaSeQJJ19rblkvF","title":"Two For One","pathname":"/2022/nahamcon-ctf-2022/two-for-one","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"tMBbNcYte0uVaaBJylTO","title":"Deafcon","pathname":"/2022/nahamcon-ctf-2022/deafcon","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"JAyG0KCxa4zkAhU6U1Cv","title":"OTP Vault","pathname":"/2022/nahamcon-ctf-2022/otp-vault","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"7fJnvKMyy18PDSgCAa4w","title":"Click Me","pathname":"/2022/nahamcon-ctf-2022/click-me","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"ySWokvYJUHOKwVVIyaij","title":"Geezip","pathname":"/2022/nahamcon-ctf-2022/geezip","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"SV3k38BtuGMac9Ls8heN","title":"Ostrich","pathname":"/2022/nahamcon-ctf-2022/ostrich","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"A6zuvxt5WqqxgW9qWnFu","title":"No Space Between Us","pathname":"/2022/nahamcon-ctf-2022/no-space-between-us","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"NahamCon CTF 2022"}]},{"id":"lfFZbnoey3QN5HwnnUNP","title":"Securinets CTF Quals 2022","pathname":"/2022/securinets-ctf-quals-2022","siteSpaceId":"sitesp_yS7qL","description":"Organised by Securinets Club","breadcrumbs":[{"label":"2022"}]},{"id":"FP9V48EUgQa4fK2Vo3Mp","title":"Document-Converter","pathname":"/2022/securinets-ctf-quals-2022/document-converter","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"Securinets CTF Quals 2022"}]},{"id":"fQiK6ECc9cFGwESaUQer","title":"PlanetSheet","pathname":"/2022/securinets-ctf-quals-2022/planetsheet","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"Securinets CTF Quals 2022"}]},{"id":"ec4OtSJeT9TKnwuzDAZn","title":"NarutoKeeper","pathname":"/2022/securinets-ctf-quals-2022/narutokeeper","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"Securinets CTF Quals 2022"}]},{"id":"J45ObNgOIZezu4v8Znm1","title":"CTF.SG CTF","pathname":"/2022/ctf.sg-ctf","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"}]},{"id":"gLzzlT6kkKGV6J7mT5eY","title":"Asuna Waffles","pathname":"/2022/ctf.sg-ctf/asuna-waffles","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"CTF.SG CTF"}]},{"id":"yWRama98dJabKpbUqwgU","title":"Senpai","pathname":"/2022/ctf.sg-ctf/senpai","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"CTF.SG CTF"}]},{"id":"sLmafaIGr2zQZM5fbf4l","title":"We know this all too well","pathname":"/2022/ctf.sg-ctf/we-know-this-all-too-well","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"CTF.SG CTF"}]},{"id":"niNsuZXMsEeaFovxFwMr","title":"Don't Touch My Flag","pathname":"/2022/ctf.sg-ctf/dont-touch-my-flag","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"CTF.SG CTF"}]},{"id":"NZCvEmC2WzYrA86nXV1F","title":"Wildest Dreams Part 2","pathname":"/2022/ctf.sg-ctf/wildest-dreams-part-2","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"CTF.SG CTF"}]},{"id":"k9QeSv1VBZaNXY8jLu6W","title":"Chopsticks","pathname":"/2022/ctf.sg-ctf/chopsticks","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"CTF.SG CTF"}]},{"id":"my6YBOlBiHEvS8LFbL6s","title":"YaCTF 2022","pathname":"/2022/yactf-2022","siteSpaceId":"sitesp_yS7qL","description":"Yet Another CTF is a computer security competition organized by Yandex and run by SPbCTF crew.","breadcrumbs":[{"label":"2022"}]},{"id":"PQAp8ZmOgMkmxvzGVLef","title":"Shiba","pathname":"/2022/yactf-2022/shiba","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"YaCTF 2022"}]},{"id":"OKZ1R8xKbweD2adcfsjz","title":"Flag Market","pathname":"/2022/yactf-2022/flag-market","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"YaCTF 2022"}]},{"id":"3mSVsbmvfQnwfnSye24a","title":"Pasteless","pathname":"/2022/yactf-2022/pasteless","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"YaCTF 2022"}]},{"id":"5VAkJkByNSDydf3YnYnd","title":"Secretive","pathname":"/2022/yactf-2022/secretive","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"YaCTF 2022"}]},{"id":"fApYURmtHHCoupEmfM5t","title":"MetaPDF","pathname":"/2022/yactf-2022/metapdf","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"YaCTF 2022"}]},{"id":"ZckZYkQ37572ESUqZVPO","title":"Crackme","pathname":"/2022/yactf-2022/crackme","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"YaCTF 2022"}]},{"id":"ofaOFjHaQLPASWjWP19T","title":"DiceCTF 2022","pathname":"/2022/dicectf-2022","siteSpaceId":"sitesp_yS7qL","description":"Hosted by DiceGang from 5 to 7 Feb 2022","breadcrumbs":[{"label":"2022"}]},{"id":"QRjsATgaq2KnK6UQVlKj","title":"knock-knock","pathname":"/2022/dicectf-2022/knock-knock","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"DiceCTF 2022"}]},{"id":"HfQNCJY4XtSv5OgrREfI","title":"blazingfast","pathname":"/2022/dicectf-2022/blazingfast","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"DiceCTF 2022"}]},{"id":"XEUBjQKCheNZqMyJY6Vz","title":"TetCTF 2022","pathname":"/2022/tetctf-2022","siteSpaceId":"sitesp_yS7qL","description":"A great start to the new year! Hosted on 1 to 3 Jan 2022","breadcrumbs":[{"label":"2022"}]},{"id":"77dFIsd4vMLo4J1dAaC9","title":"2X-Service","pathname":"/2022/tetctf-2022/2x-service","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"TetCTF 2022"}]},{"id":"EcyMQmWYGTW60D24UFd3","title":"Animals","pathname":"/2022/tetctf-2022/animals","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"TetCTF 2022"}]},{"id":"tNsXtO8zRDDQCnH870R2","title":"Ezflag Level 1","pathname":"/2022/tetctf-2022/ezflag-level-1","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2022"},{"label":"TetCTF 2022"}]},{"id":"O0vjJLHxikaST2vUz1BB","title":"hxp CTF 2021","pathname":"/2021/hxp-ctf-2021","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"}]},{"id":"98ubaDsCO2SpobD24WA6","title":"HTX Investigator's Challenge 2021","pathname":"/2021/htx-investigators-challenge-2021","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"}]},{"id":"5D46cw8JXxhfgfZyYIxP","title":"Metasploit Community CTF","pathname":"/2021/metasploit-community-ctf","siteSpaceId":"sitesp_yS7qL","description":"Hosted by Rapid7 from 4 Dec to 7 Dec 2021","breadcrumbs":[{"label":"2021"}]},{"id":"pxIZj9z2qFvdn5YLfTJ4","title":"MetaCTF CyberGames","pathname":"/2021/metactf-cybergames","siteSpaceId":"sitesp_yS7qL","description":"MetaCTF's 7th annual virtual jeopardy-style CTF, held from 4 Dec to 6 Dec 2021","breadcrumbs":[{"label":"2021"}]},{"id":"taKAzrdsg4FUwgupv55k","title":"Look, if you had one shot","pathname":"/2021/metactf-cybergames/look-if-you-had-one-shot","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"MetaCTF CyberGames"}]},{"id":"XL3poB1Hy9IZW85szrTu","title":"Custom Blog","pathname":"/2021/metactf-cybergames/custom-blog","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"MetaCTF CyberGames"}]},{"id":"Ea1k6yz2hBTQfHFuOQza","title":"Yummy Vegetables","pathname":"/2021/metactf-cybergames/yummy-vegetables","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"MetaCTF CyberGames"}]},{"id":"nmOicTbF0QC3Ng3Zcmq9","title":"Ransomware Patch","pathname":"/2021/metactf-cybergames/ransomware-patch","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"MetaCTF CyberGames"}]},{"id":"NrMoTXX694fAoTXWDGj9","title":"I Hate Python","pathname":"/2021/metactf-cybergames/i-hate-python","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"MetaCTF CyberGames"}]},{"id":"VR9LcJ5rQ8ax2qvZfEyk","title":"Interception","pathname":"/2021/metactf-cybergames/interception","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"MetaCTF CyberGames"}]},{"id":"5mArgSJ70GrbOeHfXyFN","title":"CyberSecurityRumble CTF","pathname":"/2021/cybersecurityrumble-ctf","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"}]},{"id":"Cqlojtg8CZe87HyJEcGt","title":"Lukas App","pathname":"/2021/cybersecurityrumble-ctf/lukas-app","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"CyberSecurityRumble CTF"}]},{"id":"AgHEmR7WT5VYR191MfpL","title":"Finance Calculat0r 2021","pathname":"/2021/cybersecurityrumble-ctf/finance-calculat0r-2021","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"CyberSecurityRumble CTF"}]},{"id":"N2FUErhY0AJPTA8LXBz1","title":"Personal Encryptor with Nonbreakable Inforation-theoretic Security","pathname":"/2021/cybersecurityrumble-ctf/personal-encryptor-with-nonbreakable-inforation-theoretic-security","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"CyberSecurityRumble CTF"}]},{"id":"MQFKVzgiFttv018KT6h7","title":"Enterprice File Sharing","pathname":"/2021/cybersecurityrumble-ctf/enterprice-file-sharing","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"CyberSecurityRumble CTF"}]},{"id":"vWPDN9i61OLTcEBjO5wl","title":"Payback","pathname":"/2021/cybersecurityrumble-ctf/payback","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"CyberSecurityRumble CTF"}]},{"id":"lLXLjArRZb9KBviB8S5a","title":"Stonks Street Journal","pathname":"/2021/cybersecurityrumble-ctf/stonks-street-journal","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"CyberSecurityRumble CTF"}]},{"id":"VvHapR7mfGKWxnX5Pa7l","title":"The InfoSecurity Challenge (TISC) 2021","pathname":"/2021/the-infosecurity-challenge-tisc-2021","siteSpaceId":"sitesp_yS7qL","description":"TISC is an online challenge organised by CSIT since 2020. It provides opportunities for interested Singaporeans to put their cybersecurity and programming skills to the test by solving challenging puz","breadcrumbs":[{"label":"2021"}]},{"id":"HsqrYzjKLn1hXogdlSI0","title":"Level 4 - The Magician's Den","pathname":"/2021/the-infosecurity-challenge-tisc-2021/level-4-the-magicians-den","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"The InfoSecurity Challenge (TISC) 2021"}]},{"id":"BPTQ4Btr6Ml1hxK4PuZC","title":"Level 3 - Needle in a Greystack","pathname":"/2021/the-infosecurity-challenge-tisc-2021/level-3-needle-in-a-greystack","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"The InfoSecurity Challenge (TISC) 2021"}]},{"id":"mQpaa2iyXrpP0IWCY8Zg","title":"Level 2 - Dee Na Saw as a need","pathname":"/2021/the-infosecurity-challenge-tisc-2021/level-2-dee-na-saw-as-a-need","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"The InfoSecurity Challenge (TISC) 2021"}]},{"id":"G6rQcpxptsuLVL8hCmTG","title":"Level 1 - Scratching the Surface","pathname":"/2021/the-infosecurity-challenge-tisc-2021/level-1-scratching-the-surface","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"The InfoSecurity Challenge (TISC) 2021"}]},{"id":"reirvUzJWwfVDoNKON7s","title":"SPbCTF's Student CTF Quals","pathname":"/2021/spbctfs-student-ctf-quals","siteSpaceId":"sitesp_yS7qL","description":"Student CTF is a novice-level Capture The Flag organized by SPbCTF and supported by St. Petersburg Committee for Science and Higher Education.","breadcrumbs":[{"label":"2021"}]},{"id":"D78m1JMUnuUYeQB0TGMc","title":"31 Line PHP","pathname":"/2021/spbctfs-student-ctf-quals/31-line-php","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"SPbCTF's Student CTF Quals"}]},{"id":"PbrAlCJAdzdHvyAva0rE","title":"BLT","pathname":"/2021/spbctfs-student-ctf-quals/blt","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"SPbCTF's Student CTF Quals"}]},{"id":"Yhc4uG7sDM8QqeQbV6Un","title":"CatStep","pathname":"/2021/spbctfs-student-ctf-quals/catstep","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"SPbCTF's Student CTF Quals"}]},{"id":"-MjwZZe6IDwn9ZyM9cCk","title":"Asian Cyber Security Challenge (ACSC) 2021","pathname":"/2021/asian-cyber-security-challenge-acsc-2021","siteSpaceId":"sitesp_yS7qL","description":"The ACSC is the regional final of the International Cybersecurity Challenge (ICC) — a global CTF competition, supported by the European Union Agency for Cybersecurity (ENISA).","breadcrumbs":[{"label":"2021"}]},{"id":"-MjwhZ6XMhaL5LpiavPa","title":"Cowsay As A Service","pathname":"/2021/asian-cyber-security-challenge-acsc-2021/cowsay-as-a-service","siteSpaceId":"sitesp_yS7qL","description":"Prototype pollution leads to RCE","breadcrumbs":[{"label":"2021"},{"label":"Asian Cyber Security Challenge (ACSC) 2021"}]},{"id":"-MjwgZ22B1vAjwYyHBEx","title":"Favorite Emojis","pathname":"/2021/asian-cyber-security-challenge-acsc-2021/favorite-emojis","siteSpaceId":"sitesp_yS7qL","description":"Prerender dynamic rendering leads to SSRF","breadcrumbs":[{"label":"2021"},{"label":"Asian Cyber Security Challenge (ACSC) 2021"}]},{"id":"-MjwdTLg3yN_65N555lS","title":"Baby Developer","pathname":"/2021/asian-cyber-security-challenge-acsc-2021/baby-developer","siteSpaceId":"sitesp_yS7qL","description":"Directory traversal in insecure Vitepress development server leads to information disclosure through SSRF","breadcrumbs":[{"label":"2021"},{"label":"Asian Cyber Security Challenge (ACSC) 2021"}]},{"id":"-Mjwc85eXBearDOtZ6BX","title":"API","pathname":"/2021/asian-cyber-security-challenge-acsc-2021/api","siteSpaceId":"sitesp_yS7qL","description":"Logic error in user authentication","breadcrumbs":[{"label":"2021"},{"label":"Asian Cyber Security Challenge (ACSC) 2021"}]},{"id":"-MjwilUyk4EPcNOr_fgo","title":"RSA Stream","pathname":"/2021/asian-cyber-security-challenge-acsc-2021/rsa-stream","siteSpaceId":"sitesp_yS7qL","description":"RSA common modulus attack","breadcrumbs":[{"label":"2021"},{"label":"Asian Cyber Security Challenge (ACSC) 2021"}]},{"id":"-Mjwi776HPRC1Tn0HUmt","title":"Filtered","pathname":"/2021/asian-cyber-security-challenge-acsc-2021/filtered","siteSpaceId":"sitesp_yS7qL","description":"Buffer overflow with a flawed length check","breadcrumbs":[{"label":"2021"},{"label":"Asian Cyber Security Challenge (ACSC) 2021"}]},{"id":"-Mjwj7o4NPapeTQZLKyW","title":"NYONG Coin","pathname":"/2021/asian-cyber-security-challenge-acsc-2021/nyong-coin","siteSpaceId":"sitesp_yS7qL","description":"EnCase forensics","breadcrumbs":[{"label":"2021"},{"label":"Asian Cyber Security Challenge (ACSC) 2021"}]},{"id":"-MjSvNY_rFQQOPur_mos","title":"CSAW CTF Qualification Round 2021","pathname":"/2021/csaw-ctf-qualification-round-2021","siteSpaceId":"sitesp_yS7qL","description":"Hosted by members of NYU Tandon School of Engineering’s OSIRIS Lab","breadcrumbs":[{"label":"2021"}]},{"id":"-MjUNzVD-zfRrNa-yHWu","title":"Save the Tristate","pathname":"/2021/csaw-ctf-qualification-round-2021/save-the-tristate","siteSpaceId":"sitesp_yS7qL","description":"Quantum Key Distribution (QKD)","breadcrumbs":[{"label":"2021"},{"label":"CSAW CTF Qualification Round 2021"}]},{"id":"-MjU-Cpb6_f3GJSbO8yV","title":"securinotes","pathname":"/2021/csaw-ctf-qualification-round-2021/securinotes","siteSpaceId":"sitesp_yS7qL","description":"Meteor NoSQL Injection","breadcrumbs":[{"label":"2021"},{"label":"CSAW CTF Qualification Round 2021"}]},{"id":"-MjTmTwq6A6w6vgI7TPS","title":"no pass needed","pathname":"/2021/csaw-ctf-qualification-round-2021/no-pass-needed","siteSpaceId":"sitesp_yS7qL","description":"Filtered SQL injection","breadcrumbs":[{"label":"2021"},{"label":"CSAW CTF Qualification Round 2021"}]},{"id":"-MjTNVlDg6WKHJOcTmuq","title":"Gatekeeping","pathname":"/2021/csaw-ctf-qualification-round-2021/gatekeeping","siteSpaceId":"sitesp_yS7qL","description":"Bypassing Nginx directive through manipulating Gunicorn WSGI variables","breadcrumbs":[{"label":"2021"},{"label":"CSAW CTF Qualification Round 2021"}]},{"id":"-MjTBbIC79sZktA6BQ8G","title":"Ninja","pathname":"/2021/csaw-ctf-qualification-round-2021/ninja","siteSpaceId":"sitesp_yS7qL","description":"Flask Server-Side Template Injection (SSTI)","breadcrumbs":[{"label":"2021"},{"label":"CSAW CTF Qualification Round 2021"}]},{"id":"-MiJnQB_Yirm-6PwhvtD","title":"YauzaCTF 2021","pathname":"/2021/yauzactf-2021","siteSpaceId":"sitesp_yS7qL","description":"Hosted by SFT0 from BMSTU","breadcrumbs":[{"label":"2021"}]},{"id":"-MiKA-xAUQE-x3qA37eC","title":"Yauzacraft Pt. 2","pathname":"/2021/yauzactf-2021/yauzacraft-pt.-2","siteSpaceId":"sitesp_yS7qL","description":"Unrestricted file upload leads to PHP webshell","breadcrumbs":[{"label":"2021"},{"label":"YauzaCTF 2021"}]},{"id":"-MiKHCWd7gvlwfkzZc_J","title":"Yauzabomber","pathname":"/2021/yauzactf-2021/yauzabomber","siteSpaceId":"sitesp_yS7qL","description":"Server-Side Template Injection (SSTI) in SMS template","breadcrumbs":[{"label":"2021"},{"label":"YauzaCTF 2021"}]},{"id":"-MiKZGm3ohS_MldQJZjF","title":"RISC 8bit CPU","pathname":"/2021/yauzactf-2021/risc-8bit-cpu","siteSpaceId":"sitesp_yS7qL","description":"Writing an emulator / disassembler","breadcrumbs":[{"label":"2021"},{"label":"YauzaCTF 2021"}]},{"id":"-MiKapJ5l_ic8Yd4ZJVS","title":"ARC6969 Pt. 1","pathname":"/2021/yauzactf-2021/arc6969-pt.-1","siteSpaceId":"sitesp_yS7qL","description":"Writing an emulator / disassembler","breadcrumbs":[{"label":"2021"},{"label":"YauzaCTF 2021"}]},{"id":"-MiKkth6JxUzp8mqeeql","title":"ARC6969 Pt. 2","pathname":"/2021/yauzactf-2021/arc6969-pt.-2","siteSpaceId":"sitesp_yS7qL","description":"Writing an emulator / disassembler","breadcrumbs":[{"label":"2021"},{"label":"YauzaCTF 2021"}]},{"id":"-MiKr6S0pXwDE1tTo7tI","title":"Back in 1986 - User","pathname":"/2021/yauzactf-2021/back-in-1986-user","siteSpaceId":"sitesp_yS7qL","description":"Morris Worm - fingerd Stack Buffer Overflow and Cron Job misconfiguration","breadcrumbs":[{"label":"2021"},{"label":"YauzaCTF 2021"}]},{"id":"-MiL6nbgoAjBsS-PxiFd","title":"Lorem-Ipsum","pathname":"/2021/yauzactf-2021/lorem-ipsum","siteSpaceId":"sitesp_yS7qL","description":"Zero-Width Space (ZWSP) Stegonography","breadcrumbs":[{"label":"2021"},{"label":"YauzaCTF 2021"}]},{"id":"-MhCvUx1qMxZn8DP8gR-","title":"InCTF 2021","pathname":"/2021/inctf-2021","siteSpaceId":"sitesp_yS7qL","description":"The fifth international edition of InCTF, hosted by team bi0s","breadcrumbs":[{"label":"2021"}]},{"id":"-MhDwkIiEh17suN5ONWW","title":"Notepad 1 - Snakehole's Secret","pathname":"/2021/inctf-2021/notepad-1-snakeholes-secret","siteSpaceId":"sitesp_yS7qL","description":"Stored XSS and Response Header Injection Leads to CSRF","breadcrumbs":[{"label":"2021"},{"label":"InCTF 2021"}]},{"id":"-MhDRfaxUHKxQFNm5LCl","title":"RaaS","pathname":"/2021/inctf-2021/raas","siteSpaceId":"sitesp_yS7qL","description":"SSRF using Gopher protocol leads to tampering of Redis key-value store","breadcrumbs":[{"label":"2021"},{"label":"InCTF 2021"}]},{"id":"-MhD1vnXlWLxcXHj0zYZ","title":"MD Notes","pathname":"/2021/inctf-2021/md-notes","siteSpaceId":"sitesp_yS7qL","description":"postMessage information disclosure leads to stored XSS","breadcrumbs":[{"label":"2021"},{"label":"InCTF 2021"}]},{"id":"-MhEepkpfPjfTcVtwHAd","title":"Shell Boi","pathname":"/2021/inctf-2021/shell-boi","siteSpaceId":"sitesp_yS7qL","description":"Unencrypted remote shell leads to TCP session hijacking and RCE through man-in-the-middle (MITM) attack","breadcrumbs":[{"label":"2021"},{"label":"InCTF 2021"}]},{"id":"-MhDylekFD1_8lmQ3JPn","title":"Listen","pathname":"/2021/inctf-2021/listen","siteSpaceId":"sitesp_yS7qL","description":"Basic packet sniffing and analysis","breadcrumbs":[{"label":"2021"},{"label":"InCTF 2021"}]},{"id":"-MhF-XUWdHIMxvwpDhY2","title":"Ermittlung","pathname":"/2021/inctf-2021/ermittlung","siteSpaceId":"sitesp_yS7qL","description":"Basic memory forensics","breadcrumbs":[{"label":"2021"},{"label":"InCTF 2021"}]},{"id":"-MhF1pIr5agsXVq-RG-_","title":"Alpha Pie","pathname":"/2021/inctf-2021/alpha-pie","siteSpaceId":"sitesp_yS7qL","description":"Breadth-first Search algorithm for a fun programming task","breadcrumbs":[{"label":"2021"},{"label":"InCTF 2021"}]},{"id":"-Mg91wiugh3h8UH2DVkU","title":"UIUCTF 2021","pathname":"/2021/uiuctf-2021","siteSpaceId":"sitesp_yS7qL","description":"UIUCTF is an annual Capture the Flag competition run by undergraduate students at the University of Illinois at Urbana-Champaign (UIUC).","breadcrumbs":[{"label":"2021"}]},{"id":"-MgFAplQVeC3hdp-BO4s","title":"pwnies_please","pathname":"/2021/uiuctf-2021/pwnies_please","siteSpaceId":"sitesp_yS7qL","description":"Adversarial attack on an image classifier using the Fast Gradient Sign Method (FGSM)","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-MgAyPT3_ul2kSD65MYy","title":"yana","pathname":"/2021/uiuctf-2021/yana","siteSpaceId":"sitesp_yS7qL","description":"GitHub Pages subdomain takeover and cache probing XS-Leak","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-MgAGXyxgEgaaNzyfVf9","title":"ponydb","pathname":"/2021/uiuctf-2021/ponydb","siteSpaceId":"sitesp_yS7qL","description":"SQL injection and truncation attack","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-MgJdsuwFHvyteM0WaQ1","title":"SUPER","pathname":"/2021/uiuctf-2021/super","siteSpaceId":"sitesp_yS7qL","description":"Decoding an XOR-encoded file gives us an MS-DOS VHD","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-MgJF2dkSyhu2pCT2rM6","title":"Q-Rious Transmissions","pathname":"/2021/uiuctf-2021/q-rious-transmissions","siteSpaceId":"sitesp_yS7qL","description":"Superdense coding quantum communication protocol","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-MgJ_cOfGl12NY46y1nd","title":"capture the :flag:","pathname":"/2021/uiuctf-2021/capture-the-flag","siteSpaceId":"sitesp_yS7qL","description":"LSB steganography","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-Mg9OwPlJVWMEoJM1iQO","title":"back_to_basics","pathname":"/2021/uiuctf-2021/back_to_basics","siteSpaceId":"sitesp_yS7qL","description":"Simple beginner challenge about base-n encodings","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-MgEsk6mfqJwlu6gbxK8","title":"buy_buy_buy","pathname":"/2021/uiuctf-2021/buy_buy_buy","siteSpaceId":"sitesp_yS7qL","description":"A Discord marketplace!","breadcrumbs":[{"label":"2021"},{"label":"UIUCTF 2021"}]},{"id":"-Meu963cvls91d4kEUpG","title":"Google CTF 2021","pathname":"/2021/google-ctf-2021","siteSpaceId":"sitesp_yS7qL","description":"Annual Capture The Flag hosted by the Google Security Team.","breadcrumbs":[{"label":"2021"}]},{"id":"-Meu67Gmccod-GD7Puiy","title":"CPP","pathname":"/2021/google-ctf-2021/cpp","siteSpaceId":"sitesp_yS7qL","description":"We have this program's source code, but it uses a strange DRM solution. Can you crack it?","breadcrumbs":[{"label":"2021"},{"label":"Google CTF 2021"}]},{"id":"-MeuLzuj0LHnRjum7bTX","title":"Filestore","pathname":"/2021/google-ctf-2021/filestore","siteSpaceId":"sitesp_yS7qL","description":"We stored our flag on this platform, but forgot to save the id. Can you help us restore it?","breadcrumbs":[{"label":"2021"},{"label":"Google CTF 2021"}]},{"id":"-MehsxgxJxyubRgtAIn_","title":"TyphoonCon CTF 2021","pathname":"/2021/typhooncon-ctf-2021","siteSpaceId":"sitesp_yS7qL","description":"Hosted by SSD Secure Disclosure","breadcrumbs":[{"label":"2021"}]},{"id":"-Mei2gxG3GEmQm2IZIFa","title":"Clubmouse","pathname":"/2021/typhooncon-ctf-2021/clubmouse","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"TyphoonCon CTF 2021"}]},{"id":"-Meht8IXCZZD3mRkSAY5","title":"Impasse","pathname":"/2021/typhooncon-ctf-2021/impasse","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"TyphoonCon CTF 2021"}]},{"id":"-MdBAEXlk4LXttFsS5Nw","title":"DSTA BrainHack CDDC21","pathname":"/2021/dsta-brainhack-cddc21","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"}]},{"id":"-MdByTUGjPwNcNPNloXl","title":"File It Away (Pwn)","pathname":"/2021/dsta-brainhack-cddc21/file-it-away-pwn","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"DSTA BrainHack CDDC21"}]},{"id":"-MdBylm7yOBXkuQVTEv1","title":"Linux Rules the World! (Linux)","pathname":"/2021/dsta-brainhack-cddc21/linux-rules-the-world-linux","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"DSTA BrainHack CDDC21"}]},{"id":"-MdCEtSIJbLKpyvWag2n","title":"Going Active (Reconnaissance)","pathname":"/2021/dsta-brainhack-cddc21/going-active-reconnaissance","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"DSTA BrainHack CDDC21"}]},{"id":"-MdCH2SbrHKtEo_9p_L0","title":"Behind the Mask (Windows)","pathname":"/2021/dsta-brainhack-cddc21/behind-the-mask-windows","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"DSTA BrainHack CDDC21"}]},{"id":"-MdCSOflCyjQos4pjujH","title":"Web Takedown Episode 2 (Web)","pathname":"/2021/dsta-brainhack-cddc21/web-takedown-episode-2-web","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"DSTA BrainHack CDDC21"}]},{"id":"-MdCGTRwhnkKXDpKIEiC","title":"Break it Down (Crypto)","pathname":"/2021/dsta-brainhack-cddc21/break-it-down-crypto","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"DSTA BrainHack CDDC21"}]},{"id":"-McEdp1MkchOvvt9nRg2","title":"BCACTF 2.0","pathname":"/2021/bcactf-2.0","siteSpaceId":"sitesp_yS7qL","description":"I didn't have much time to play this one, but the challenges that I did try were definitely fun!","breadcrumbs":[{"label":"2021"}]},{"id":"-McEbnYKeNEMJ7yrT9cv","title":"L10N Poll","pathname":"/2021/bcactf-2.0/l10n-poll","siteSpaceId":"sitesp_yS7qL","description":"jsonwebtoken authentication bypass vulnerability.","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-McEbVLucVHWrwJiKxJP","title":"Challenge Checker","pathname":"/2021/bcactf-2.0/challenge-checker","siteSpaceId":"sitesp_yS7qL","description":"PyYAML deserialisation vulnerability (CVE-2020-14343).","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-McEZJ_-jU4MhiyzkmIK","title":"Discrete Mathematics","pathname":"/2021/bcactf-2.0/discrete-mathematics","siteSpaceId":"sitesp_yS7qL","description":"Buffer overflow, with a ROP chain.","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-McEUo3jWhxv75syy-st","title":"Advanced Math Analysis","pathname":"/2021/bcactf-2.0/advanced-math-analysis","siteSpaceId":"sitesp_yS7qL","description":"Buffer overflow, with a strcmp() check.","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-McESzfEgOTXi-01Iubq","title":"Math Analysis","pathname":"/2021/bcactf-2.0/math-analysis","siteSpaceId":"sitesp_yS7qL","description":"Classic buffer overflow.","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-McERotmuKKazuS7z78s","title":"American Literature","pathname":"/2021/bcactf-2.0/american-literature","siteSpaceId":"sitesp_yS7qL","description":"Format string vulnerability.","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-McEa-gw9giOZeQec_Zi","title":"More Than Meets the Eye","pathname":"/2021/bcactf-2.0/more-than-meets-the-eye","siteSpaceId":"sitesp_yS7qL","description":"Zero-width space (ZWSP)","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-McEaabLnZI9hmQryJVC","title":"􃗁􌲔􇺟􊸉􁫞􄺷􄧻􃄏􊸉","pathname":"/2021/bcactf-2.0/undefined","siteSpaceId":"sitesp_yS7qL","description":"Unicode substitution cipher.","breadcrumbs":[{"label":"2021"},{"label":"BCACTF 2.0"}]},{"id":"-MbWylTLAixBEttOmByA","title":"Zh3ro CTF V2","pathname":"/2021/zh3ro-ctf-v2","siteSpaceId":"sitesp_yS7qL","description":"Web and Crypto challenges from Zh3r0 CTF V2 hosted from 4 June - 6 June 2021!","breadcrumbs":[{"label":"2021"}]},{"id":"-MbXyQ7QlOZwEZnZBpaW","title":"Chaos","pathname":"/2021/zh3ro-ctf-v2/chaos","siteSpaceId":"sitesp_yS7qL","description":"Collisions in the chaotic hash function.","breadcrumbs":[{"label":"2021"},{"label":"Zh3ro CTF V2"}]},{"id":"-MbXkf2gjiE9iD1xJJvK","title":"Twist and Shout","pathname":"/2021/zh3ro-ctf-v2/twist-and-shout","siteSpaceId":"sitesp_yS7qL","description":"Recovering the internal state of Python's Mersenne Twister PRNG.","breadcrumbs":[{"label":"2021"},{"label":"Zh3ro CTF V2"}]},{"id":"-MbXawBpjvfxtgNZk3tf","title":"1n_jection","pathname":"/2021/zh3ro-ctf-v2/1n_jection","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"Zh3ro CTF V2"}]},{"id":"-MbXSl3QZxfzN1qSfKw5","title":"alice_bob_dave","pathname":"/2021/zh3ro-ctf-v2/alice_bob_dave","siteSpaceId":"sitesp_yS7qL","description":"Common factor in RSA modulus.","breadcrumbs":[{"label":"2021"},{"label":"Zh3ro CTF V2"}]},{"id":"-MbXFw5oBXoA1gZkavHZ","title":"Baby SSRF","pathname":"/2021/zh3ro-ctf-v2/baby-ssrf","siteSpaceId":"sitesp_yS7qL","description":"SSRF blacklist bypass enabled internal port scan and access to hidden endpoints.","breadcrumbs":[{"label":"2021"},{"label":"Zh3ro CTF V2"}]},{"id":"-MbXBTLGT6eQD5bf486a","title":"bxxs","pathname":"/2021/zh3ro-ctf-v2/bxxs","siteSpaceId":"sitesp_yS7qL","description":"XSS leads to information leakage of hidden endpoint and authentication bypass.","breadcrumbs":[{"label":"2021"},{"label":"Zh3ro CTF V2"}]},{"id":"-MbX0hFRswKJacu5Q79q","title":"Sparta","pathname":"/2021/zh3ro-ctf-v2/sparta","siteSpaceId":"sitesp_yS7qL","description":"node.js deserialization vulnerability leads to RCE.","breadcrumbs":[{"label":"2021"},{"label":"Zh3ro CTF V2"}]},{"id":"-Mb1ljCx7CPBtLVINHCn","title":"Pwn2Win CTF 2021","pathname":"/2021/pwn2win-ctf-2021","siteSpaceId":"sitesp_yS7qL","description":"As one of the DEFCON pre-qualifiers, this was definitely a challenging CTF. The challenges were high-quality, and felt extremely realistic.","breadcrumbs":[{"label":"2021"}]},{"id":"-Mb1sAq7kl7vGgPEh5SW","title":"C'mon See My Vulns","pathname":"/2021/pwn2win-ctf-2021/cmon-see-my-vulns","siteSpaceId":"sitesp_yS7qL","description":"PHP eval(), LD_PRELOAD RCE","breadcrumbs":[{"label":"2021"},{"label":"Pwn2Win CTF 2021"}]},{"id":"-Mb1mOrVow5e5MXoXIcl","title":"Illusion","pathname":"/2021/pwn2win-ctf-2021/illusion","siteSpaceId":"sitesp_yS7qL","description":"JavaScript Prototype Injection","breadcrumbs":[{"label":"2021"},{"label":"Pwn2Win CTF 2021"}]},{"id":"-MaRIPwsUeq0X-YAO7X4","title":"NorzhCTF 2021","pathname":"/2021/norzhctf-2021","siteSpaceId":"sitesp_yS7qL","description":"This was my first time doing a Hack Quest CTF. The challenges were quite fun, especially because they are more realistic than most CTF challenges.","breadcrumbs":[{"label":"2021"}]},{"id":"-MaRNdfCJ8X9TH8g2_K_","title":"Leet Computer","pathname":"/2021/norzhctf-2021/leet-computer","siteSpaceId":"sitesp_yS7qL","description":"Pentesting, Ghidra JDWP RCE, Sudo Misconfiguration, NSE Scripting","breadcrumbs":[{"label":"2021"},{"label":"NorzhCTF 2021"}]},{"id":"-MaRJ01fFXe3pZpWkPVG","title":"Secure Auth v0","pathname":"/2021/norzhctf-2021/secure-auth-v0","siteSpaceId":"sitesp_yS7qL","description":"Reverse Engineering","breadcrumbs":[{"label":"2021"},{"label":"NorzhCTF 2021"}]},{"id":"-MaRXZz0LETYlF8-ruXw","title":"Triskel 3: Dead End","pathname":"/2021/norzhctf-2021/triskel-3-dead-end","siteSpaceId":"sitesp_yS7qL","description":"Werkzeug Debugger Console RCE","breadcrumbs":[{"label":"2021"},{"label":"NorzhCTF 2021"}]},{"id":"-MaRVNDj524S-YQhkMX0","title":"Triskel 2: Going In","pathname":"/2021/norzhctf-2021/triskel-2-going-in","siteSpaceId":"sitesp_yS7qL","description":"SQL Injection","breadcrumbs":[{"label":"2021"},{"label":"NorzhCTF 2021"}]},{"id":"-MaRLVWP4dDsmGD8oYeO","title":"Triskel 1: First Contact","pathname":"/2021/norzhctf-2021/triskel-1-first-contact","siteSpaceId":"sitesp_yS7qL","description":"Server-side Request Forgery (SSRF)","breadcrumbs":[{"label":"2021"},{"label":"NorzhCTF 2021"}]},{"id":"-MaRLHrRuzrAZx75iKlf","title":"Discovery","pathname":"/2021/norzhctf-2021/discovery","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"NorzhCTF 2021"}]},{"id":"-M_EBy2XLfVxJzUzmKGS","title":"DawgCTF 2021","pathname":"/2021/dawgctf-2021","siteSpaceId":"sitesp_yS7qL","description":"Hosted by the UMBC CyberDawgs.","breadcrumbs":[{"label":"2021"}]},{"id":"-M_EDSKv2DtaS8gPUJry","title":"Bofit","pathname":"/2021/dawgctf-2021/bofit","siteSpaceId":"sitesp_yS7qL","description":"Buffer overflow","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_ED6gNVhf9-1H-bC0f","title":"Jellyspotters","pathname":"/2021/dawgctf-2021/jellyspotters","siteSpaceId":"sitesp_yS7qL","description":"Python pickle deserialisation","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EEQ8aj2hotrMPcWt0","title":"No Step On Snek","pathname":"/2021/dawgctf-2021/no-step-on-snek","siteSpaceId":"sitesp_yS7qL","description":"Python input() vulnerability","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EEqr6A02w_YpptEH9","title":"Back to the Lab 2","pathname":"/2021/dawgctf-2021/back-to-the-lab-2","siteSpaceId":"sitesp_yS7qL","description":"LabVIEW","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EGEkm0IbqvRbT3V_b","title":"MDL Considered Harmful","pathname":"/2021/dawgctf-2021/mdl-considered-harmful","siteSpaceId":"sitesp_yS7qL","description":"ImageMagick CVE-2016-3717","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EI4w8IdNIM58pC575","title":"Really Secure Algorithm","pathname":"/2021/dawgctf-2021/really-secure-algorithm","siteSpaceId":"sitesp_yS7qL","description":"Wiener's attack on RSA","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EJ-YXjpjoeI9HuSdR","title":"The Obligatory RSA Challenge","pathname":"/2021/dawgctf-2021/the-obligatory-rsa-challenge","siteSpaceId":"sitesp_yS7qL","description":"RSA with factorable n","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EJtixS1Q-wxYDL6DZ","title":"Trash Chain","pathname":"/2021/dawgctf-2021/trash-chain","siteSpaceId":"sitesp_yS7qL","description":"Reverse engineering a hash function","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EKuJ6edWAx_uNOpBI","title":"What the Flip?!","pathname":"/2021/dawgctf-2021/what-the-flip","siteSpaceId":"sitesp_yS7qL","description":"AES CBC Byte Flipping Attack","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_ELoHmpD_9MYVBXKSW","title":"Back to the Lab 1","pathname":"/2021/dawgctf-2021/back-to-the-lab-1","siteSpaceId":"sitesp_yS7qL","description":"LabVIEW","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EM3kyTns6vlG14gsv","title":"Back to the Lab 3","pathname":"/2021/dawgctf-2021/back-to-the-lab-3","siteSpaceId":"sitesp_yS7qL","description":"LabVIEW","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_ENh9_QoaEzhK84jPS","title":"Dr. Hrabowski's Great Adventure","pathname":"/2021/dawgctf-2021/dr.-hrabowskis-great-adventure","siteSpaceId":"sitesp_yS7qL","description":"SQL Injection","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EOMu5PITdv6ZAG0M_","title":"Just a Comment","pathname":"/2021/dawgctf-2021/just-a-comment","siteSpaceId":"sitesp_yS7qL","description":"Wireshark","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EOnbAD0wsT_6X95Gm","title":"Baby's First Modulation","pathname":"/2021/dawgctf-2021/babys-first-modulation","siteSpaceId":"sitesp_yS7qL","description":"GNURadio","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-M_EP8zGNlU9b-KBjlXF","title":"Two Truths and a Fib","pathname":"/2021/dawgctf-2021/two-truths-and-a-fib","siteSpaceId":"sitesp_yS7qL","description":"Programming","breadcrumbs":[{"label":"2021"},{"label":"DawgCTF 2021"}]},{"id":"-MYbwthkp-MfI47fvP5h","title":"UMDCTF 2021","pathname":"/2021/umdctf-2021","siteSpaceId":"sitesp_yS7qL","description":"What a fun CTF! Cheers to my team, Social Engineering Xperts for placing 8th overall.","breadcrumbs":[{"label":"2021"}]},{"id":"-MYc49JMoO4d6cGLH6LV","title":"Advantageous Adventures","pathname":"/2021/umdctf-2021/advantageous-adventures","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc5AsonBS3QmjdCm11","title":"Roy's Randomness","pathname":"/2021/umdctf-2021/roys-randomness","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc5T3jYmMrEgPuvX-e","title":"Whose Base Is It Anyway","pathname":"/2021/umdctf-2021/whose-base-is-it-anyway","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc5uPN2S4RNfkR-jGw","title":"Cards Galore","pathname":"/2021/umdctf-2021/cards-galore","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc62y1UiyavEmbIyFa","title":"Pretty Dumb File","pathname":"/2021/umdctf-2021/pretty-dumb-file","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc6PxBwLp6zy4PJZKc","title":"Minetest","pathname":"/2021/umdctf-2021/minetest","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc6nPAolAGqGFC4nBn","title":"Donnie Docker","pathname":"/2021/umdctf-2021/donnie-docker","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc6zSsZnMW3R6RhpvB","title":"Subway","pathname":"/2021/umdctf-2021/subway","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc74bw5DdRejV56j6o","title":"Jump Not Easy","pathname":"/2021/umdctf-2021/jump-not-easy","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc7Z851qYy3j8kzrAr","title":"To Be XOR Not To Be","pathname":"/2021/umdctf-2021/to-be-xor-not-to-be","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc7cUT6n8crBiIJEL7","title":"Office Secrets","pathname":"/2021/umdctf-2021/office-secrets","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc7mhKZbpDTBVP0rIM","title":"L33t M4th","pathname":"/2021/umdctf-2021/l33t-m4th","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc7pdLywakaYOf0zXK","title":"Bomb 2 - Mix Up","pathname":"/2021/umdctf-2021/bomb-2-mix-up","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYc7uKWSqV9e5Ux_pGh","title":"Jay","pathname":"/2021/umdctf-2021/jay","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"},{"label":"UMDCTF 2021"}]},{"id":"-MYAH-9GGuZuGBEx1CfZ","title":"Midnight Sun CTF 2021","pathname":"/2021/midnight-sun-ctf","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"}]},{"id":"-MYAH_NxGWIG43_AwqL4","title":"Corporate MFA","pathname":"/2021/midnight-sun-ctf/corporate-mfa","siteSpaceId":"sitesp_yS7qL","description":"PHP object injection (deserialization vulnerability)","breadcrumbs":[{"label":"2021"},{"label":"Midnight Sun CTF 2021"}]},{"id":"-MYAKczCayQj3WJgF1dW","title":"Gurkburk","pathname":"/2021/midnight-sun-ctf/gurkburk","siteSpaceId":"sitesp_yS7qL","description":"Python pickle deserialization vulnerability","breadcrumbs":[{"label":"2021"},{"label":"Midnight Sun CTF 2021"}]},{"id":"-MYANFO3H0CAZbAKq1Rz","title":"Backups","pathname":"/2021/midnight-sun-ctf/backups","siteSpaceId":"sitesp_yS7qL","description":"RSA factordb attack","breadcrumbs":[{"label":"2021"},{"label":"Midnight Sun CTF 2021"}]},{"id":"-MX1dkrcWQYppd-mguIC","title":"picoCTF 2021","pathname":"/2021/picoctf","siteSpaceId":"sitesp_yS7qL","description":"This CTF was a blast! I enjoyed many of the Web Exploitation challenges in particular. Here are some of the more interesting challenges I solved.","breadcrumbs":[{"label":"2021"}]},{"id":"-MX1w5EMz2PCHznRduhm","title":"It Is My Birthday (100)","pathname":"/2021/picoctf/it-is-my-birthday-100","siteSpaceId":"sitesp_yS7qL","description":"MD5 collisions","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2-YMNdVZArBM26Avw","title":"Super Serial (130)","pathname":"/2021/picoctf/super-serial-130","siteSpaceId":"sitesp_yS7qL","description":"PHP object injection (deserialization vulnerability)","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX21TiNgDYmeW9z37H-","title":"Most Cookies (150)","pathname":"/2021/picoctf/most-cookies-150","siteSpaceId":"sitesp_yS7qL","description":"Flask client-side sessions, cookie forgery","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX23I-Cj_yxinrhsIob","title":"Startup Company (180)","pathname":"/2021/picoctf/startup-company-180","siteSpaceId":"sitesp_yS7qL","description":"SQLite injection","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX24b80aZzQXGn6MNFD","title":"X marks the spot (250)","pathname":"/2021/picoctf/x-marks-the-spot-250","siteSpaceId":"sitesp_yS7qL","description":"Blind XPath injection","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX29yySVqtoSINX0cZl","title":"Web Gauntlet (170 + 300)","pathname":"/2021/picoctf/web-gauntlet-170-+-300","siteSpaceId":"sitesp_yS7qL","description":"Filtered SQLite injection","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2dmeV7NMTYy5NPeMe","title":"Easy Peasy (40)","pathname":"/2021/picoctf/easy-peasy-40","siteSpaceId":"sitesp_yS7qL","description":"One-time-pad (OTP) key reuse","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2_DXLDfFYy7MUSBU1","title":"Mini RSA (70)","pathname":"/2021/picoctf/mini-rsa-70","siteSpaceId":"sitesp_yS7qL","description":"RSA with low exponent","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2Z_vNrQoJqd3nY4MD","title":"Dachshund Attacks (80)","pathname":"/2021/picoctf/dachshund-attacks-80","siteSpaceId":"sitesp_yS7qL","description":"Wiener's attack","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2AuQV-VlBsCD76vVu","title":"No Padding, No Problem (90)","pathname":"/2021/picoctf/no-padding-no-problem-90","siteSpaceId":"sitesp_yS7qL","description":"RSA chosen-ciphertext attack (CCA)","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2jwRczUvXXXRidTw0","title":"Trivial Flag Transfer Protocol (90)","pathname":"/2021/picoctf/trivial-flag-transfer-protocol-90","siteSpaceId":"sitesp_yS7qL","description":"Wireshark + steganography","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2kMZLEebzvl7c6VvJ","title":"Wireshark twoo twooo two twoo... (100)","pathname":"/2021/picoctf/wireshark-twoo-twooo-two-twoo...-100","siteSpaceId":"sitesp_yS7qL","description":"DNS exfiltration","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2le6hYU3G1wXImfwH","title":"Disk, Disk, Sleuth! (110 + 130)","pathname":"/2021/picoctf/disk-disk-sleuth-110-+-130","siteSpaceId":"sitesp_yS7qL","description":"Disk image analysis","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2mPwn36HELXcdtu8V","title":"Stonks (20)","pathname":"/2021/picoctf/stonks-20","siteSpaceId":"sitesp_yS7qL","description":"Format string vulnerability","breadcrumbs":[{"label":"2021"},{"label":"picoCTF 2021"}]},{"id":"-MX2o-LDqDnCrkRTs8p7","title":"DSO-NUS CTF 2021","pathname":"/2021/dso-nus-ctf","siteSpaceId":"sitesp_yS7qL","description":"","breadcrumbs":[{"label":"2021"}]},{"id":"-MX2o7kJANPqaeJXqEJo","title":"Insecure (100)","pathname":"/2021/dso-nus-ctf/insecure-100","siteSpaceId":"sitesp_yS7qL","description":"Privilege escalation through SUID files and PATH variable manipulation","breadcrumbs":[{"label":"2021"},{"label":"DSO-NUS CTF 2021"}]},{"id":"-MX2qiLjj3229dI3OZ4e","title":"Easy SQL (200)","pathname":"/2021/dso-nus-ctf/easy-sql-200","siteSpaceId":"sitesp_yS7qL","description":"Filtered MariaDB injection, stacked queries","breadcrumbs":[{"label":"2021"},{"label":"DSO-NUS CTF 2021"}]}]}