Flaws.cloud

Hey guys! Just completed the flaws.cloud challenges some time ago. It's pretty easy and already contains lots of directives, but nevertheless I thought I would write a short post on it, just as a note to myself and in hopes of helping anyone stuck at some point. I…

CSRF-MXSS Browser Hacking

Quite recently, while going through a pentest mission, I was faced with a very interesting XSS vulnerability. As I had just finished reading "The Tangled Web" and was now reading "The Browser Hacker's Handbook", I decided to exploit the vulnerability in order to hook a browser…

Wargame NDH2K17 Write-up TIME_IS_THE_KEY

This year we participated in the NDH2K17 wargame and arrived at the 16th position with a very small team. Amongst the challenges we managed to flag, one was quite difficult and took a bit of time to solve. Hence, we thought we should do a small write-up. As the challenge has…

Write Up Intrinsec challenges NDH2K17

This year I attended the NDH2K17 (edition XV). The event was pretty awesome and my friends and I arrived 16th at the wargame with only five people, so I was pretty happy about this :) Prior to the wargame, I went on a CTF platform hosted by Intrinsec for the event.…

Quick fuzzing with AFL

As part of my projects, I am working on a network-based evolutionary fuzzer which works with Driller and honggfuzz at its core. It is capable of instrumenting code and symbolic execution. During the course of this project, I was able to work a bit with AFL, probably one of…