はじめに 第一部 Z3を完全に理解しよう by ptr-yudai 第二部 BKZで勝つ by mitsu LLLの復習 HKZ(Hermite-Korkine-Zolotareff)簡約 逐次最小の数え上げ BKZ簡約 第三部 LLLで殴る(2) by theoremoon Coppersmithの定理 LCG LWE 幻の第四部 PRNGと戯れる おわり…

24時間のHarekaze mini CTF*1 2020が開催されました。 zer0ptsとして参加しましたが、作問陣にいたり忙しかったりで参加できないメンバーが多かったのでチーム名を「yoshiking*2と愉快な仲間たち」にすれば良かったと後悔しています。 難易度は比較的易しめ…

Last weekend I played HackTM CTF Finals 2020, the Finals event of HackTM CTF Quals 2020, in zer0pts and we won the CTF I mostly worked on pwn, forensics and few reversing tasks. Especially the pwn tasks were well-designed and I reaperhaops…

はじめに Fuzzingの概念 なぜ自分でFuzzerを書くのか 実際に問題を解く dual - ユーザーランドプログラムのFuzzing Step 1. Fuzzerの方針を立てる Step 2. テストケースを最適化する Step 3. 問題を解く spark - カーネルドライバのFuzzing Step 1. Fuzzerの…

pbctf 2020 had been held from December 5th 00:00 UTC for 48 hours. I played it in zer0pts and we won the CTF I mainly worked on the pwn tasks. Every pwn task was very hard (except for Amazing ROP) and there were something to learn. I reall…

Layer7 CTF had been helf on 14th November. It was a 15-hour individual competition. I played it as retsuko and reached 2nd place. Same as last year, the challenges were well-designed and I enjoyed them! And same as last year, I couldn't so…

BingoCTF took place from 12th Nov, 09:00 KST for 24 hours. This CTF is a new-style competition for individuals. The score is calculated based on the number of bingo you made and the time you used to make bingo. We have 5 hours to solve the…

I wrote some challenges for this year's SECCON CTF. SECCON was famous for providing some crappy challenges but they eliminated those crappy-challenge authors this year XD Congratulations to HangulSarang, perfect blue, and MSLC! Thank you f…

I played TokyoWesterns CTF 2020 in team D0G$ (Defenit x zer0pts x GoN x $wag) and we reached 1st place It was an amazing dream collabolation I mainly worked on the pwn tasks and I'm going to write about some of them. The tasks and solver…

競技時間が1時間ちょっとの割にクオリティの高い問題を毎年提供していると噂のTSG LIVE! CTFにyoshikingdomで参加しました。 みなさん気づいていなかったと思いますが、実はyoshikingというユーザーは私でした。 なんかサブマリンしてたみたいになっています…

I was looking forward to playing CSAW CTF Quals 2020 since it was right level for me last year. We played this year's CSAW CTF in zer0pts and reached 11th place. I mainly worked on pwn and rev, and the pwn challenges were good. (I don't li…

はじめに 今年もtheoremoon, yoshikingとでInterKosenCTF*1を開催しました。 前と変わらず初心者〜中級者向けを対象にしました。（どっちかというと中級者向けの問題が多いと思います。） 今年は直前までサーバー周りが燃えていて炭になりそうだったんですが…

PoseidonCTF 1st Edition had been held from August 8th, 17:00 to 9th, 17:00 UTC. I played it in zer0pts and reached 3rd place. Pwn tasks are well-designed but I couldn't solve/check all of them because I had to check forensics and reversing…

I played WMCTF 2020 in DefenitelyZer0 (Defenit x zer0pts) and reached 8th place! WMCTF had been held from August 1st for 48 hours on XCTF platform. (I call it Chinese Mystery Platform.) The challenges I solved were really fun and I learned…

We zer0pts played 3kCTF-2020 which was held from 24 July 2020, 17:00 UTC for 20 hours. There are 5 categories (rev, web, pwn, crypto, misc) and the number of the tasks were well-balanced. I mainly worked on pwn tasks and I felt they were w…

I played UIUCTF 2020, which had been held from July 18th 00:00 UTC for about 48 hours, in zer0pts and we reached 5th place. The overall difficulty was hard but many challenges I solved were fun as well. I mainly worked on pwn and kernel ta…

TSG CTF 2020 had been held from July 11th 07:00 UTC for 24 hours. I played it in DefenitelyZer0, a collabolation team of Defenit and zer0pts, and reached 2nd place. I was one of the pwn members and we solved all the pwn tasks. I got 5 out …

I wrote the 6 pwn tasks of ASIS CTF 2020 Quals. Here is the brief overview of them. Challenge Vulnerability Estimated Difficulty Full Protection stack overflow, fsb warmup babynote integer overflow (to get out-of-bound address write) easy …

We zer0pts played Defenit CTF 2020 and reached 4th place! It was a really amazing CTF! Other members' writeups: furutsuki.hatenablog.com st98.github.io Here is the tasks and solvers for some challenges I solved. bitbucket.org [Pwn 656pts] …

Pwn2Win CTF 2020 had been held from May 30th for 48 hours. I played it in zer0pts and reached 6th place. Especially pwn tasks were a lot of fun! [Pwn 263pts] At Your Command [Pwn 298pts] Tukro [Pwn 340pts] Trusted Node [Web 171pts] A Paylo…

はじめに 5月23日14:00から24時間、初心者向けのSECCON Beginners CTF 2020を開催しました。 といっても全問が初心者向けな訳ではなく、中級者でも難しいと感じるような問題もちらほらあったと思います。 また、CTFを本当に初めて触るという方にとってはBegi…

I played "S㎩mAndFlags Uけimate w呎は屸de C㏊mᒆonship Teaser - ㎩㏚i㎄ Edition" in shibadogs. We reached 6th place :yay: Thank you @SpamAndHex for hosting the CTF! [rev+misc] TAS (1-5) [pwn] Nativity Scene [pwn] Secstore #2 The tasks and …

I played IJCTF 2020 in zer0pts and we got 3rd place. Other member's writeup: st98.github.io [pwn 100pts] Input Checker [pwn 620pts] Babyheap [rev 728pts] Rev 0 [rev 986pts] Rev 2 [forensics 998pts] List Of File Type [rev+web+pwn 1000pts] b…

はじめに 少し前のFireShell CTFでwebkitのexploitを書いたのですが、一部作問ミスを利用して解いたのでexploitを書き直しました。 その際、webkitのセキュリティ機構を2つ回避する必要があったので、それらの回避法について調べました。 この辺は日本語記事…

I played PlaidCTF in shibad0gs and reached 38th place. I'm going to write up the challenges I solved during the CTF. I don't write about "YOU wa SHOCKWAVE" as I mostly guessed the flag. (It was about disassembling shockwave media --> findi…

I played HexionCTF in zer0pts and we got 1st place. The tasks are decent-level, fun and well-designed. Thank you @hexion_team for the nice CTF! Other member's writeup: st98.github.io [Pwn 940pts] WWW [Pwn 988pts] Hangman [Pwn 998pts] Text …

About Yesterday I came up with an idea of a new heap exploitation technique. As far as I googled it, nobody had published the technique yet and I named it "House of Husk." The technique makes it easy to control RIP under the condition that…

はじめに ヒープ大嫌いなのですが、多分まだ誰も公開していないヒープ系exploit手法を思いついたので書きます。 調べても出てこなかったので既出じゃないと信じて「House of Husk」と名前を付けました。 これ系に命名規則があるのか不明だし名前も思いつかな…

FireShell CTF had been held from March 22th JST for 24 hours. I played this CTF in zer0pts and we reached 3rd place. I solved only two pwn tasks and one easy crypto/rev, but the pwn tasks are tough and I'm going to write the solutions for …

SuSeC CTF 2020 had been held from 15th March 06:30 UTC for 36 hours. I wrote 3 pwn tasks for this CTF. (I don't know of any other tasks.) The tasks and solvers are available here: bitbucket.org I hope you enjoyed my pwn challenges :) [182p…