Kalmarunionen
Writeups icon
ASIS CTF - xtr BambooFox CTF: The Vault BSidesSF 2021: Log 'em All De Danske Cybermesterskaber: 80s Commitments De Danske Cybermesterskaber: Kuuuurveen FaustCTF 2021 - Attack & Defense - thelostbottle Hack.lu CTF - Nodenb LKVM Escape MidnightSun Quals: kgbfskfsb MidnightSun Quals: Revver Pwn2win - Hackus Qiling Sandbox Escape Real World CTF 4th: Secured Java SekaiCTF 2023 - Leakless Note Sudo Exploit Writeup Union CTF 2021: Cr0wnAir
Become a member
About
  • BSidesSF 2021: Log 'em All

    Mar 20, 2021 c++ use-after-free

    Challenge Description (967 points) Play to win and log ’em all! Once you’ve seen all 151 Asciimon, talk to Professor Jack for the flag. We’ve included some data for the first couple rooms, you’ll have to figure out the rest yourself! nc -v logemall-a2db138b.challenges.bsidessf.net 666 (author: …

    Read More
  • Union CTF 2021: Cr0wnAir

    Feb 25, 2021

    Writeup by: Nicolai Søborg Cr0wnAir TL;DR - bypassing a filter to generate two JWTs (RS256). Finding e and N from the two signatures and forge an arbitrary JWT (HS256). Step 1: Getting two RS256 signatures To get a signature we need to bypass a filter validated by jpv (“JSON Pattern Validator”). This …

    Read More
  • Sudo Exploit Writeup

    Jan 29, 2021 sudo

    Writeup by: Zanderdk Introduction On the 2021-01-26 qualy released this article describing a “new” (actually 10 year old) bug in sudo that allows an attacker to do privilege escalation though a heap buffer overflow. Unfortunately they did not release exploit/POC so I decided to build one myself and failed. …

    Read More
  • BambooFox CTF: The Vault

    Jan 18, 2021

    The Vault The challenge is a simple HTML file with a keypad that allows you to input 4 digit pin. The file loads main.js and calls Module.ccall('validate') to check the pin. Upon beautifying the JS we see that it calls run() which in turns runs: preRun(); initRuntime(); // => __wasm_call_ctors => …

    Read More
  • Winners of NC3 CTF 2020

    Dec 17, 2020

    Every year since 2017 the Danish National Cyber Crime Center (NC3) arranges a christmas CTF. 2020 was the first year where Kalmarunionen particpated and what a year! The challenges were released on November 27th and by the evening November 28th we managed to be the first team to solve all of them. It did not go down …

    Read More
  • Become a member

    Dec 12, 2020

    As a relatively new team based in Denmark, we are currently limiting our recruitment focus to experienced players either based in Denmark, or who otherwise have strong ties to Scandinavia, as well as those who are invited by current team members. If you are interested in playing with Kalmarunionen, simply write us an …

    Read More
  • About Kalmarunionen

    Nov 10, 2020

    Kalmarunionen is the result of a lot of CTF teams uniting - primarily Danish. We have done this as it is hard to keep the commitment when being part of a small team of only a few players - the team is very vulnerable in case a single or two members decides to leave. With Kalmarunionen we intend on being a bigger team …

    Read More
    • ««
    • «
    • 1
    • 2
    • 3
    • »
    • »»

Recent Posts

  • Welcome to Kalmarunionen
  • SekaiCTF 2023 - Leakless Note
  • DEF CON CTF 2023 Qualifiers - IFUCKUP
  • zer0pts CTF 2023 - Unlimited Braid Works
  • Codegate CTF 2023 Preliminary - anti Kerckhoffs
  • m0leCon Teaser 2023 - babyPQ
  • m0leCon Teaser 2023 - Collisions
  • ångstromCTF 2023 - snap circuits

Categories

WRITEUPS 17 DDC-2021 2 MIDNIGHTSUN 2 BSIDESSF-2021-CTF 1 FAUST-CTF-2021 1 HACK.LU-CTF 1 HXP 1 REAL-CVE 1 REAL-WORLD-CTF 1 SEKAICTF-2023 1

Tags

CRYPTO 8 WEB 5 RACE-CONDITIONS 3 REV 2 XSS 2 ADVANCED-WEB 1 ATTACK-DEFENSE 1 C++ 1 CLONE-AND-PWN 1 GAME 1 MISC 1 PWN 1 PYTHON 1 QILING 1 RCE 1 REAL-WORLD 1 SANDBOX-ESCAPE 1 SUDO 1 SUNDHEDSKORT 1 USE-AFTER-FREE 1 XS-SEARCH 1 Z3 1

Copyright KALMARUNIONEN. All Rights Reserved