Security professional, developer, and CTF enthusiast. Writeups, notes, and thoughts on security and software.https://jamiesinn.ca/https://jamiesinn.ca/blog/issctf-excelproficiency/https://jamiesinn.ca/blog/issctf-excelproficiency/Finding a hidden flag in an Excel spreadsheet using ASCII art on a concealed sheet.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupsteganographyhttps://jamiesinn.ca/blog/issctf-plaintextprotocols/https://jamiesinn.ca/blog/issctf-plaintextprotocols/Recovering a flag from a PCAP by fixing corrupted PNG header bytes extracted from an HTTP response.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupforensicspcaphttps://jamiesinn.ca/blog/issctf-dns-exfiltration/https://jamiesinn.ca/blog/issctf-dns-exfiltration/Extracting exfiltrated data from DNS queries in a PCAP capture using tshark and command-line tools.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupforensicsdnshttps://jamiesinn.ca/blog/issctf-image1/https://jamiesinn.ca/blog/issctf-image1/Solving a CAPTCHA challenge programmatically using Tesseract OCR and OpenCV in Python.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupprogrammingpythonhttps://jamiesinn.ca/blog/issctf-programming-morse/https://jamiesinn.ca/blog/issctf-programming-morse/Decoding morse code strings and submitting answers programmatically using Python.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupprogrammingpythonhttps://jamiesinn.ca/blog/issctf-programming-poetry/https://jamiesinn.ca/blog/issctf-programming-poetry/Automating SHA1 hashing of 800 lines of poetry over a socket connection, handling UTF-8 encoding edge cases.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupprogrammingpythonhttps://jamiesinn.ca/blog/issctf-programming-base64/https://jamiesinn.ca/blog/issctf-programming-base64/Solving a timed Base64 encoding challenge using bash scripting and curl.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupprogrammingbashhttps://jamiesinn.ca/blog/issctf-programming-natochallenge/https://jamiesinn.ca/blog/issctf-programming-natochallenge/Converting NATO phonetic alphabet strings back to letters using bash scripting and sed regex.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupprogrammingbashhttps://jamiesinn.ca/blog/issctf-programming-sha256/https://jamiesinn.ca/blog/issctf-programming-sha256/Solving a timed SHA256 hashing challenge using bash scripting and sha256sum.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupprogrammingbashhttps://jamiesinn.ca/blog/issctf-trend-baaaaaaadcommand/https://jamiesinn.ca/blog/issctf-trend-baaaaaaadcommand/Detecting buffer overflow attacks in a custom FTP server by writing Snort rules to catch oversized payloads.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupsnortbuffer-overflowhttps://jamiesinn.ca/blog/issctf-securitycompass-trustnoone/https://jamiesinn.ca/blog/issctf-securitycompass-trustnoone/Attacking a Docker container host protected by client SSL certificates via the Docker API.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupdockersslhttps://jamiesinn.ca/blog/issctf-trend-thisistherealdeal/https://jamiesinn.ca/blog/issctf-trend-thisistherealdeal/Writing Snort rules for CVE-2019-14241, an HAProxy cookie header parsing vulnerability.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupsnortcvehttps://jamiesinn.ca/blog/issctf-trend-whowritesownprotocols/https://jamiesinn.ca/blog/issctf-trend-whowritesownprotocols/Incomplete writeup for the TrendMicro custom protocol analysis challenge from ISSessions CTF 2021.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupsnorthttps://jamiesinn.ca/blog/issctf-trend-nocommandonlyflag/https://jamiesinn.ca/blog/issctf-trend-nocommandonlyflag/Detecting command injection in a Java Tomcat application that uses exec() for ping, and writing Snort rules to catch it.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupsnortcommand-injectionhttps://jamiesinn.ca/blog/issctf-trend-bestloginsystem/https://jamiesinn.ca/blog/issctf-trend-bestloginsystem/Writing Snort rules to detect SQL injection attacks against a PHP login form.Wed, 31 Mar 2021 00:00:00 GMTctfwriteupsnortsqlihttps://jamiesinn.ca/blog/hacktivity-ctf-2020/https://jamiesinn.ca/blog/hacktivity-ctf-2020/Writeups for challenges from the HackerOne Hacktivity Con CTF 2020, including mobile reversing, Flutter memory dumping, and web exploitation.Mon, 03 Aug 2020 00:00:00 GMTctfwriteupmobilereverse-engineering