I played TokyoWesterns CTF 2020 in team D0G$ (Defenit x zer0pts x GoN x $wag) and we reached 1st place It was an amazing dream collabolation I mainly worked on the pwn tasks and I'm going to write about some of them. The tasks and solver…
競技時間が1時間ちょっとの割にクオリティの高い問題を毎年提供していると噂のTSG LIVE! CTFにyoshikingdomで参加しました。 みなさん気づいていなかったと思いますが、実はyoshikingというユーザーは私でした。 なんかサブマリンしてたみたいになっています…
I was looking forward to playing CSAW CTF Quals 2020 since it was right level for me last year. We played this year's CSAW CTF in zer0pts and reached 11th place. I mainly worked on pwn and rev, and the pwn challenges were good. (I don't li…
はじめに 今年もtheoremoon, yoshikingとでInterKosenCTF*1を開催しました。 前と変わらず初心者〜中級者向けを対象にしました。(どっちかというと中級者向けの問題が多いと思います。) 今年は直前までサーバー周りが燃えていて炭になりそうだったんですが…
PoseidonCTF 1st Edition had been held from August 8th, 17:00 to 9th, 17:00 UTC. I played it in zer0pts and reached 3rd place. Pwn tasks are well-designed but I couldn't solve/check all of them because I had to check forensics and reversing…
I played WMCTF 2020 in DefenitelyZer0 (Defenit x zer0pts) and reached 8th place! WMCTF had been held from August 1st for 48 hours on XCTF platform. (I call it Chinese Mystery Platform.) The challenges I solved were really fun and I learned…
We zer0pts played 3kCTF-2020 which was held from 24 July 2020, 17:00 UTC for 20 hours. There are 5 categories (rev, web, pwn, crypto, misc) and the number of the tasks were well-balanced. I mainly worked on pwn tasks and I felt they were w…
I played UIUCTF 2020, which had been held from July 18th 00:00 UTC for about 48 hours, in zer0pts and we reached 5th place. The overall difficulty was hard but many challenges I solved were fun as well. I mainly worked on pwn and kernel ta…
TSG CTF 2020 had been held from July 11th 07:00 UTC for 24 hours. I played it in DefenitelyZer0, a collabolation team of Defenit and zer0pts, and reached 2nd place. I was one of the pwn members and we solved all the pwn tasks. I got 5 out …
I wrote the 6 pwn tasks of ASIS CTF 2020 Quals. Here is the brief overview of them. Challenge Vulnerability Estimated Difficulty Full Protection stack overflow, fsb warmup babynote integer overflow (to get out-of-bound address write) easy …
We zer0pts played Defenit CTF 2020 and reached 4th place! It was a really amazing CTF! Other members' writeups: furutsuki.hatenablog.com st98.github.io Here is the tasks and solvers for some challenges I solved. bitbucket.org [Pwn 656pts] …
Pwn2Win CTF 2020 had been held from May 30th for 48 hours. I played it in zer0pts and reached 6th place. Especially pwn tasks were a lot of fun! [Pwn 263pts] At Your Command [Pwn 298pts] Tukro [Pwn 340pts] Trusted Node [Web 171pts] A Paylo…
はじめに 5月23日14:00から24時間、初心者向けのSECCON Beginners CTF 2020を開催しました。 といっても全問が初心者向けな訳ではなく、中級者でも難しいと感じるような問題もちらほらあったと思います。 また、CTFを本当に初めて触るという方にとってはBegi…
I played "S㎩mAndFlags Uけimate w呎は屸de C㏊mᒆonship Teaser - ㎩㏚i㎄ Edition" in shibadogs. We reached 6th place :yay: Thank you @SpamAndHex for hosting the CTF! [rev+misc] TAS (1-5) [pwn] Nativity Scene [pwn] Secstore #2 The tasks and …
I played IJCTF 2020 in zer0pts and we got 3rd place. Other member's writeup: st98.github.io [pwn 100pts] Input Checker [pwn 620pts] Babyheap [rev 728pts] Rev 0 [rev 986pts] Rev 2 [forensics 998pts] List Of File Type [rev+web+pwn 1000pts] b…
はじめに 少し前のFireShell CTFでwebkitのexploitを書いたのですが、一部作問ミスを利用して解いたのでexploitを書き直しました。 その際、webkitのセキュリティ機構を2つ回避する必要があったので、それらの回避法について調べました。 この辺は日本語記事…
I played PlaidCTF in shibad0gs and reached 38th place. I'm going to write up the challenges I solved during the CTF. I don't write about "YOU wa SHOCKWAVE" as I mostly guessed the flag. (It was about disassembling shockwave media --> findi…
I played HexionCTF in zer0pts and we got 1st place. The tasks are decent-level, fun and well-designed. Thank you @hexion_team for the nice CTF! Other member's writeup: st98.github.io [Pwn 940pts] WWW [Pwn 988pts] Hangman [Pwn 998pts] Text …
About Yesterday I came up with an idea of a new heap exploitation technique. As far as I googled it, nobody had published the technique yet and I named it "House of Husk." The technique makes it easy to control RIP under the condition that…
はじめに ヒープ大嫌いなのですが、多分まだ誰も公開していないヒープ系exploit手法を思いついたので書きます。 調べても出てこなかったので既出じゃないと信じて「House of Husk」と名前を付けました。 これ系に命名規則があるのか不明だし名前も思いつかな…
FireShell CTF had been held from March 22th JST for 24 hours. I played this CTF in zer0pts and we reached 3rd place. I solved only two pwn tasks and one easy crypto/rev, but the pwn tasks are tough and I'm going to write the solutions for …
SuSeC CTF 2020 had been held from 15th March 06:30 UTC for 36 hours. I wrote 3 pwn tasks for this CTF. (I don't know of any other tasks.) The tasks and solvers are available here: bitbucket.org I hope you enjoyed my pwn challenges :) [182p…
はじめに Kernel Exploitを勉強し初めて2ヶ月ほどが経ちました。 やっていて思うのは、カーネルランドのUAFやヒープオーバーフローなどは非常に強力だということです。 しかし、脆弱なドライバが提供する機能以外に、カーネルや他のドライバが提供する機能を…
I played CONFidence CTF 2020 in zer0pts. We got 786pts in total and reached 19th place. It was pretty hard but a fun CTF. Other members' writeups: st98.github.io Files and solvers for some challenges: bitbucket.org [misc 37pts] Hidden Flag…
はじめに 去年に続き、今年もyoshi-campがありました。 今年はコロナ殿の影響でDiscordを使ってリモートで講義をしました。 今回は、ふるつきがLLLの理論を、yoshikingがLLLの実践を講義してくれました。 私は楕円曲線暗号の攻撃手法を出来る限りたくさんス…
はじめに Kernel Exploitを初めて1ヶ月半くらいが経ちましたが、カーネルランドはデバッグが大変なので「なぜかexploitが動かない」ってなったときのチェックリストを作りました。 僕は大量に時間を溶かしたのですが、皆はこんな人間にならないでね。 ユーザ…
はじめに 2020年03月07日00:00から09日00:00 UTCにzer0pts CTF 2020を開催しました。 今回はいままでと違い、zer0ptsで開催したという点と、CTFtimeに載せたという点で初だったので緊張感がありました。 開催記を残すとともに、CTFtimeに載せる手順や攻撃へ…
はじめに Global Cybersecurity Camp 2020が2月9日から15日までの1週間、船橋で開催されました。 残念ながら謎のウイルスの影響で韓国は参加しませんでしたが、他の国は全参加で開催されました。 講義資料とかは公開したらダメなやつなので、あまり詳しく書…
I played Codegate CTF 2020 in shibad0gs. I was busy for another upcoming event and couldn't work on it full time but I solved some challenges and we reached 30th place. As the challenge doesn't have category, I randomly picked up tasks. [3…
HackTM CTF was held from February 1st to 3rd for 48 hours. I played it in zer0pts and we reached to 8th place. Thank you @WreckTheLine for hosting the CTF! The tasks and solvers for some challenges I solved are available here: bitbucket.or…