DEFCON 2013 Quals - bitterswallow20. November 2014
A copy of our exploit of bitterswallow of the DEFCON 2013 qualification round. No additional write-up or explanations besides our exploits.
A Brief Analysis of the ISIS/ISIL Defacement Campaign6. November 2014
An analysis of a defacement campaign by the prominent defacer group Team System Dz, supporters of the Islamic State of Iraq and the Levant / and Syria, a free Palestine, and opposed to Israel. Team System Dz defaced over 2,800 websites, including in the United Kingdom, the Netherlands, Germany, Spain, and France in the past 11 months to show political and religious messages.
hack.lu 2013 - Web 150: Robots Exclusion Committee24. October 2013
A short write-up of the web 150 challenge "Robots Exclusion Committee" of the Hack.lu 2013 Capture the Flag competition. A straight-forward SQL injection in the username of a HTTP authentication prompt.
CSAW 2013 Quals - Web 400: CryptoMatv22. October 2013
A quick write-up of EpicPhail/shellphish's solution to the second web 400 challenge of the CSAW 2013 qualification round: an indirect SQL injection via a server-side AES128-CBC encrypted plaintext.
CSAW 2013 Quals - Exploitation 500: SCP-hack24. September 2013
A more exhausitive write-up on how we approached and solved Exploitation 500: SCP hack. Including how we visited the website from 7 of the required countries and two approaches that we followed but that ultimatelly failed to yield the key.
CSAW 2013 Quals - Web 400: Widget Corp22. September 2013
Write-up of the first web 400 challenge of the CSAW 2013 qualification round, a SQL Injection via a cookie value that stores a serialized PHP array.
CSAW 2013 Quals - Misc 50/50/300: Life22. September 2013
A plain and simple write-up of 3 of the miscellaneous challenges from the CSAW CTF 2013 qualification round.