28 Sep 2021
Introduction OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP...
CTF OWASP Web Security Access Control
08 Aug 2021
Description: Humanity has exploited our allies, the dart frogs, for far too long, take back the freedom of our lovely poisonous friends. Malicious input is out of the question when dart frogs meet industrialisation. Intro Toxic is a web challenge...
CTF HackTheBox Web Security LFI
07 Aug 2021
Description: Can you exploit this simple mistake? Intro Templated is a web challenge on HackTheBox. When we first visit the website we get this index page. Note that the website is powered by Flask and the Jinja2 python template engine....
CTF HackTheBox Web Security SSTI
06 Aug 2021
Scanning And Enumeration First, as usual, we run an Nmap scan to identify open ports and services. A web server is running on port 80; it’s hosting a one-page site with no functionality at all. It was clear to me...
CTF HackTheBox Security
23 Dec 2020
Challenge Text Introduction I’ve participated along with some friends in STACKS CTF which was organised by GovTech’s Cyber Security Group (CSG). The challenges were impressive and fun. I’ve been holding off on writing this one since I didn’t have the...
CTF Web Security JWT
28 Nov 2020
Krypton stealer first appeared on the scene last year on darkweb.cc and it was going for around $100. It’s an efficient, small sized, credential stealer targeting Windows users. The version of krypton stealer analysed here (one of the early versions)...
Malware Analysis Security Reverse Engineering
15 Sep 2020
Description: A developer is experimenting with different ways to protect their software. They have sent in a windows binary that is supposed to be super secure and really hard to debug. Debug and see if you can find the flag....
CTF Reverse Engineering HackTheBox
02 Sep 2020
Today I came across the simplest ransomware that I’ve ever seen, and it’s badly written too… So why not make it the subject of the 1st blog? Initial Analysis The binary’s size is 12 MB… kinda hard to distribute :)...
Malware Analysis Reverse Engineering Security