Blog

Finding a hidden flag in an Excel spreadsheet using ASCII art on a concealed sheet.

Recovering a flag from a PCAP by fixing corrupted PNG header bytes extracted from an HTTP response.

Extracting exfiltrated data from DNS queries in a PCAP capture using tshark and command-line tools.

Solving a CAPTCHA challenge programmatically using Tesseract OCR and OpenCV in Python.

Decoding morse code strings and submitting answers programmatically using Python.

Automating SHA1 hashing of 800 lines of poetry over a socket connection, handling UTF-8 encoding edge cases.

Solving a timed Base64 encoding challenge using bash scripting and curl.

Converting NATO phonetic alphabet strings back to letters using bash scripting and sed regex.

Solving a timed SHA256 hashing challenge using bash scripting and sha256sum.

Detecting buffer overflow attacks in a custom FTP server by writing Snort rules to catch oversized payloads.

Attacking a Docker container host protected by client SSL certificates via the Docker API.

Writing Snort rules for CVE-2019-14241, an HAProxy cookie header parsing vulnerability.

Incomplete writeup for the TrendMicro custom protocol analysis challenge from ISSessions CTF 2021.

Detecting command injection in a Java Tomcat application that uses exec() for ping, and writing Snort rules to catch it.

Writing Snort rules to detect SQL injection attacks against a PHP login form.

Writeups for challenges from the HackerOne Hacktivity Con CTF 2020, including mobile reversing, Flutter memory dumping, and web exploitation.