Introduction We (Kalmarunionen) firstblooded the Leakless Note challenge during the SekaiCTF 2023. Only four teams solved the challenge during the competition. This is our write-up of the working - yet, unintended solution. TL;DR: We open 50 tabs and can use the timing difference from an iframe CSP violation in the …

Summary This is a detailed writeup for the “IFUCKUP” challenge at the DEF CON CTF 2023 Qualifiers that I solved together with several team members from Norsecode (a collaboration of several CTF teams, including Kalmarunionen). The challenge binary that had to be exploited permits a buffer overflow on the …

Summary This is a writeup for the “Unlimited Braid Works” challenge by mitsu at zer0pts CTF 2023. This challenge involved non-commutative group theory, and in particular braid groups. We were the first team to solve this challenge, which 6 teams solved in total. Solved by: shalaamum Writeup by: shalaamum …

Summary This is a writeup for the “anti Kerckhoffs” challenge at the Codegate 2023 Preliminaries. This challenge was built around basic abstract algebra, exploiting e.g. that evaluation of quadratic polynomials is not bijective and information about them can be recovered by comparing the cardinality of …

Summary This is a writeup for the “babyPQ” challenge by mr96 at m0leCon Teaser 2023. We were the first team to solve this challenge, with a total of 7 solves. This challenge involved lots of probabilities; there was a Feistel cipher involving S-boxes whose output bits satisfy a linear relation with high …

Summary This is a writeup for the “Collisions” challenge by mr96 at m0leCon Teaser 2023. We were the first team to solve this challenge, which had a total of 4 solves. In this challenge we had to find a second preimage for a custom hash function. Solution by: shalaamum Writeup by: shalaamum Writeup first …

Summary This challenge used garbled circuits. They have a cryptographic application, which is however irrelevant for understanding this challenge and solution. Essentially we get the bits of the flag xored by random key we do not know, but we can also define some logical gates that take the flag bits as inputs, and get …

Writeup by: andyandpandy, Anakin Solved by: Fr3d, c3lphie, Anakin, andyandpandy, patriksletmo, ly4k and more Writeup This challenge took us 21 hours to solve. Only 3 out of 524 teams solved it. Overview The challenge included a scenario where we had arbitrary javascript execution on a website. From here we were able to …

Revver, Midnight Sun CTF writeup Solved by: zzz, Zopazz Writeup by: Zopazz Description: Automated reversing is a solved problem, right. Writeup General challenge information In this challenge we were provided with a netcat session, which would respond with one of 20 random dynamically generated shellcodes encoded as …

kgbfskfsb, MidnightSun CTF writeup Writeup by: Nigma, nrabulinski Solved by: sebastianpc, Eldar Zeynalli (Hako), nrabulinski, Nigma Description: DeNiS Sergeev wants a secret mission payload… Attachments: kgbfskfsb.tar.gz The challenge description pretty clearly hints towards DNS stuff and sure enough, after …