Welcome to my personal corner of the Internet!
Here you’ll find all of my security research and CTF writeups in one place! For more about me, check out the about me section!

deadface ctf 2021 writeups

The coolest part of this blog post may be the CTF art! DEADFACE CTF was great, with many of the challenges being a mixture of things to do. The CTF had this phased thing going on, so challenges were gradually released in 5 phases. I wasn’t too fond of that, especially as a non-US player where our prime time often had no challenges left. Here are some of the challenges I solved playing for Hack South, where we managed to get 11th place out of 1195 teams that scored. ...

October 17, 2021 · 6 min · Leon Jacobs

hackthebox business ctf 2021 writeups

The HackTheBox Business CTF 2021 ran this weekend, and I played with a few colleagues at Orange Cyberdefense / SensePost. We managed to score 5th place amongst 374 other teams! The team consisted of (those with twitterz!): felmoltor, JCoertze, TH3_GOAT_FARM3R, Titanex8, _cablethief, gav1no_ and GMILTE. ...

July 26, 2021 · 18 min · Leon Jacobs

DawgCTF 2021

foreword DawgCTF 20201 was the first CTF I played together with some local people much smarter than me over at Hack South. We managed to grab 28th place too. I only solved three challenges with the time I had in the morning (of which one was a dupe because reading is hard :P). solutions reversing - calculator Category: Reversing Points: 50 Files: Windows PE This was the duplicate challenge, but I’m writing up how I did it anyways....

May 9, 2021 · 5 min · Leon Jacobs

hack the box - cyber apocalypse ctf '21

foreword The HTB Cyber Apocalypse 2021 event was a nice and polished CTF. Apart from the usual start time load issues, everything ran pretty smoothly with nearly zero issues my side. Kudo’s HTB! Here are the solutions for the ~20 challenges I managed to solve. solutions category - web - BlitzProp Category: Web Difficulty: 1/4 Files: Web app source & build env The challenge landing page already had a hint in the “ASTa la vista baby” song....

April 24, 2021 · 19 min · Leon Jacobs

NahamCon2021 CTF - IoT Itchy & Scratchy SecureIoT Co

category iot - hard solution unfortunately the infra was down by the time I got to the writeup We’re given an IP and credentials, along with a reference to mosquito. There was also a URL that accepted a username, a password and OTP. I used MQTT Explorer to connect to the mosquito server. With a bit of patience, an office topic received a message with a “u” and “p” flag, base64 encoded....

March 15, 2021 · 1 min · Leon Jacobs

NahamCon2021 CTF - Microscopium

category mobile - medium solution This was a fun one. We get an .apk to download. Open it in jadx and quickly see this is a React App. package com.microscopium; import com.facebook.react.ReactActivity; public class MainActivity extends ReactActivity { /* access modifiers changed from: protected */ @Override // com.facebook.react.ReactActivity public String getMainComponentName() { return "Microscopium"; } } Being React, I expected a large chunk of the logic to be in a JavaScript file, which could be found in the resources section....

March 15, 2021 · 2 min · Leon Jacobs

NahamCon2021 CTF - Resourceful

category mobile - easy solution We get an .apk to download. Open it in jadx. And check the com.congon4tor.resourceful.FlagActivity class. There is a reference to the string flag{ and resource called md5. Checking out the resources section, the md5 is revealed to complete the flag.

March 15, 2021 · 1 min · Leon Jacobs

NahamCon2021 CTF - Andra

category mobile - easy solution We get an .apk to download. Open it in jadx. And check the com.example.hack_the_app.MainActivity class. Run the app in a simulator (or a phone whatever you want), enter the credentials and find the flag.

March 15, 2021 · 1 min · Leon Jacobs

NahamCon2021 CTF - Ret2basic

category binary exploitation - easy solution The file we download is a ELF executable. $ file ret2basic ret2basic: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3ca85eae693fed659275c0eed9c313e7f0083b85, for GNU/Linux 4.4.0, not stripped Running it hints the vuln. $ ./ret2basic Can you overflow this?: AAAA Nope :( $ $ ./ret2basic Can you overflow this?: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [1] 9615 segmentation fault ./ret2basic $ Disassembling the binary, we find that main() eventually calls vuln where the overflow exists....

March 15, 2021 · 2 min · Leon Jacobs

NahamCon2021 CTF - Asserted

category web - medium solution The challenge URL dropped us on a page related to fitness, with not a lot of interesting interactions. Navigating the pages you’d see a URL scheme where a page parameter is set. Eg: page=about. An about.php also exists, so this was potentially vuln to LFI. Using .. in the page parameter resulted in a warning message indicating that some filtering was taking place....

March 15, 2021 · 2 min · Leon Jacobs