I wrote some challenges for this year's SECCON CTF. SECCON was famous for providing some crappy challenges but they eliminated those crappy-challenge authors this year XD Congratulations to HangulSarang, perfect blue, and MSLC! Thank you f…

I played TokyoWesterns CTF 2020 in team D0G$ (Defenit x zer0pts x GoN x $wag) and we reached 1st place It was an amazing dream collabolation I mainly worked on the pwn tasks and I'm going to write about some of them. The tasks and solver…

競技時間が1時間ちょっとの割にクオリティの高い問題を毎年提供していると噂のTSG LIVE! CTFにyoshikingdomで参加しました。 みなさん気づいていなかったと思いますが、実はyoshikingというユーザーは私でした。 なんかサブマリンしてたみたいになっています…

I was looking forward to playing CSAW CTF Quals 2020 since it was right level for me last year. We played this year's CSAW CTF in zer0pts and reached 11th place. I mainly worked on pwn and rev, and the pwn challenges were good. (I don't li…

PoseidonCTF 1st Edition had been held from August 8th, 17:00 to 9th, 17:00 UTC. I played it in zer0pts and reached 3rd place. Pwn tasks are well-designed but I couldn't solve/check all of them because I had to check forensics and reversing…

I played WMCTF 2020 in DefenitelyZer0 (Defenit x zer0pts) and reached 8th place! WMCTF had been held from August 1st for 48 hours on XCTF platform. (I call it Chinese Mystery Platform.) The challenges I solved were really fun and I learned…

We zer0pts played 3kCTF-2020 which was held from 24 July 2020, 17:00 UTC for 20 hours. There are 5 categories (rev, web, pwn, crypto, misc) and the number of the tasks were well-balanced. I mainly worked on pwn tasks and I felt they were w…

I played UIUCTF 2020, which had been held from July 18th 00:00 UTC for about 48 hours, in zer0pts and we reached 5th place. The overall difficulty was hard but many challenges I solved were fun as well. I mainly worked on pwn and kernel ta…

TSG CTF 2020 had been held from July 11th 07:00 UTC for 24 hours. I played it in DefenitelyZer0, a collabolation team of Defenit and zer0pts, and reached 2nd place. I was one of the pwn members and we solved all the pwn tasks. I got 5 out …

I wrote the 6 pwn tasks of ASIS CTF 2020 Quals. Here is the brief overview of them. Challenge Vulnerability Estimated Difficulty Full Protection stack overflow, fsb warmup babynote integer overflow (to get out-of-bound address write) easy …

We zer0pts played Defenit CTF 2020 and reached 4th place! It was a really amazing CTF! Other members' writeups: furutsuki.hatenablog.com st98.github.io Here is the tasks and solvers for some challenges I solved. bitbucket.org [Pwn 656pts] …

Pwn2Win CTF 2020 had been held from May 30th for 48 hours. I played it in zer0pts and reached 6th place. Especially pwn tasks were a lot of fun! [Pwn 263pts] At Your Command [Pwn 298pts] Tukro [Pwn 340pts] Trusted Node [Web 171pts] A Paylo…

はじめに 5月23日14:00から24時間、初心者向けのSECCON Beginners CTF 2020を開催しました。 といっても全問が初心者向けな訳ではなく、中級者でも難しいと感じるような問題もちらほらあったと思います。 また、CTFを本当に初めて触るという方にとってはBegi…

I played "S㎩mAndFlags Uけimate w呎は屸de C㏊mᒆonship Teaser - ㎩㏚i㎄ Edition" in shibadogs. We reached 6th place :yay: Thank you @SpamAndHex for hosting the CTF! [rev+misc] TAS (1-5) [pwn] Nativity Scene [pwn] Secstore #2 The tasks and …

I played IJCTF 2020 in zer0pts and we got 3rd place. Other member's writeup: st98.github.io [pwn 100pts] Input Checker [pwn 620pts] Babyheap [rev 728pts] Rev 0 [rev 986pts] Rev 2 [forensics 998pts] List Of File Type [rev+web+pwn 1000pts] b…

I played PlaidCTF in shibad0gs and reached 38th place. I'm going to write up the challenges I solved during the CTF. I don't write about "YOU wa SHOCKWAVE" as I mostly guessed the flag. (It was about disassembling shockwave media --> findi…

I played HexionCTF in zer0pts and we got 1st place. The tasks are decent-level, fun and well-designed. Thank you @hexion_team for the nice CTF! Other member's writeup: st98.github.io [Pwn 940pts] WWW [Pwn 988pts] Hangman [Pwn 998pts] Text …

About Yesterday I came up with an idea of a new heap exploitation technique. As far as I googled it, nobody had published the technique yet and I named it "House of Husk." The technique makes it easy to control RIP under the condition that…

はじめに ヒープ大嫌いなのですが、多分まだ誰も公開していないヒープ系exploit手法を思いついたので書きます。 調べても出てこなかったので既出じゃないと信じて「House of Husk」と名前を付けました。 これ系に命名規則があるのか不明だし名前も思いつかな…

FireShell CTF had been held from March 22th JST for 24 hours. I played this CTF in zer0pts and we reached 3rd place. I solved only two pwn tasks and one easy crypto/rev, but the pwn tasks are tough and I'm going to write the solutions for …

SuSeC CTF 2020 had been held from 15th March 06:30 UTC for 36 hours. I wrote 3 pwn tasks for this CTF. (I don't know of any other tasks.) The tasks and solvers are available here: bitbucket.org I hope you enjoyed my pwn challenges :) [182p…

I played CONFidence CTF 2020 in zer0pts. We got 786pts in total and reached 19th place. It was pretty hard but a fun CTF. Other members' writeups: st98.github.io Files and solvers for some challenges: bitbucket.org [misc 37pts] Hidden Flag…

はじめに Kernel Exploitを初めて1ヶ月半くらいが経ちましたが、カーネルランドはデバッグが大変なので「なぜかexploitが動かない」ってなったときのチェックリストを作りました。 僕は大量に時間を溶かしたのですが、皆はこんな人間にならないでね。 ユーザ…

はじめに 2020年03月07日00:00から09日00:00 UTCにzer0pts CTF 2020を開催しました。 今回はいままでと違い、zer0ptsで開催したという点と、CTFtimeに載せたという点で初だったので緊張感がありました。 開催記を残すとともに、CTFtimeに載せる手順や攻撃へ…

I played Codegate CTF 2020 in shibad0gs. I was busy for another upcoming event and couldn't work on it full time but I solved some challenges and we reached 30th place. As the challenge doesn't have category, I randomly picked up tasks. [3…

HackTM CTF was held from February 1st to 3rd for 48 hours. I played it in zer0pts and we reached to 8th place. Thank you @WreckTheLine for hosting the CTF! The tasks and solvers for some challenges I solved are available here: bitbucket.or…

こんなCTFがあったんで参加しようと思ったのですが、こんなツイートを見て作問お手伝いすることにしました。 作問に参加した時点では割と自明問が多く、某氏とか某氏に即全完されそうな感じだったので、私は若干難しめのものを作りました。 といっても初心者…

I played Insomni'hack teaser 2020 in shibad0gs. There're only 1 misc, 1 rev, 1 forensics, 3 crypto and 4 web. We solved 4 tasks in the first 4 hours and that's it lol. As the web tasks are too guessy, I just solved the misc, forensics and …

はじめに 今日サイバーセキュリティ系LT会というのに参加したのですが、そこでhamaさんが発表されていたgoの処理系がunsafeな話が面白かったので、解説されていた問題を解こうと思います。 内容はgoには標準でdata raceが存在し、任意のgoコードが実行出来る…

Contrail CTFが12月30日から1月4日まで開催され、zer0ptsで参加しました。 全体で4786点を獲得して1位でした。 解いた問題のwriteupを簡単に書きます。 [pwn 100pts] welcomechain [pwn 304pts] instant_httpserver [pwn 356pts] babyheap [pwn 100pts] poke…