Iscara

TISC is a two-week online sequential style CTF competition hosted by CSIT, where participants solve a series of 12 challenges. Over 1300 participants took on the challenges, with the top three levels of challenges having a cash prize pool of $10,000 each to be shared between participants who’ve successfully cleared the respective levels. I was given the opportunity to create the challenge at level 7, a Web3 reverse engineering/binary exploitation challenge. I’ll be sharing the writeup,...

Cyberthon is an annual CTF competition targeted towards JC students in Singapore. This year, I had the opportunity to author a challenge for the web category: The Galaxy’s Best Smuggler. At the end of this writeup are my thoughts on challenge creation. Challenge 📘 Challenge description: “Ever heard of sabacc?” “I’ve played it a couple times.” You eye the stifling pile of credit on Lando’s side of the table, allowing yourself a wry smile. “Having a good day, I reckon.” “Oh, you ain’t seen...

I participated under team youtiaos and we ended 1st place local. I was solving in the web and misc categories. The specific challenges I solved are in the image below. I’ll update this writeup with the flags once the challenges are back up. Web ChallengesBaby WebThe website uses Flask session cookies but the secret key is given unchanged in the source code. Sign another cookie with is_admin=True and proceed to spend 10 minutes finding for a hidden element on the admin page to get the flag....

This CTF happened during my midterms and I didn’t really have the luxury of time to look at some of the later challenges. I participated under team youtiaos, and we ended 97th place out of 5694 teams. Lightning RoundTimeKORP - Trivial command injection in format parameterKORP terminal - SQLmap + bcrypt hash cracking Labyrinth LinguistWe’re given a Java application using the Apache Velocity templating engine. We have user controlled input via textString that we can inject Velocity templates...

TISC is a two-week online sequential style CTF competition hosted by CSIT, where participants solve a series of 10 challenges. Over 1000 participants took on the challenges, with the top three levels of challenges having a cash prize pool of $10,000 each to be shared between participants who successfully cleared the respective levels. I was given the opportunity to create the challenge at level 8, and I’ll be sharing the writeup as well as a few of my thoughts at the end of the blog...

Cyberthon is an annual CTF competition targeted towards JC students in Singapore, jointly organised by HCI, CSIT, and the DIS. This year, I had the opportunity to author a challenge for the data science category, and Astockalypse was what I came up with. At the end of this writeup are my thoughts before, during and after challenge creation, and how I could’ve improved from a creative and a technical standpoint. Challenge 📘 Challenge description: One of your agents has found a proprietary...