Kalmarunionen
open-menu closeme
News icon
2025 - Four Weeks of Wins: Kalmarunionen Takes 1st Place at Hack.lu CTF! 🏆 2025 - Kalmarunionen Wins Google Hackceler8 in Mexico City 🏆🇲🇽 2025 - We did it: Kalmarunionen just won ASIS CTF - our 4th ASIS WIN! 2025 - 2nd at GoogleCTF, Mid-Season World #1 - and a visit from the Minister! 2025 - Triple CTF Weekend 2025 - KalmarCTF 2025 - Kalmarunionen is now officially the #1 competitive hacking team in the world! 2024 - Chaos Communication Congress (38C3) HXP CTF 2024 - SECCON CTF 2024 - Cybersecurity Awareness Month 2024 - Google CTF 2024 - Aim for DEFCON Glory - Call for sponsors 2024 - Kalmar CTF 2024 - Real World CTF
Writeups icon
ASIS CTF - xtr BambooFox CTF: The Vault BSidesSF 2021: Log 'em All De Danske Cybermesterskaber: 80s Commitments De Danske Cybermesterskaber: Kuuuurveen FaustCTF 2021 - Attack & Defense - thelostbottle Hack.lu CTF - Nodenb LKVM Escape MidnightSun Quals: kgbfskfsb MidnightSun Quals: Revver Pwn2win - Hackus Qiling Sandbox Escape Real World CTF 4th: Secured Java SekaiCTF 2023 - Leakless Note Sudo Exploit Writeup Union CTF 2021: Cr0wnAir
Become a member
Sponsors
About

  • SekaiCTF 2023 - Leakless Note

    calendar September 5, 2023 · 6 min read · Web Advanced web XSS XS-Search  ·
    Share on: twitter facebook linkedin copy

    Introduction

    We (Kalmarunionen) firstblooded the Leakless Note challenge during the SekaiCTF 2023. Only four teams solved the challenge during the competition. This is our write-up of the working - yet, unintended solution.

    TL;DR: We open 50 tabs and can use the timing difference from an iframe CSP violation in the …


    Read More

  • ASIS CTF - xtr

    calendar October 15, 2022 · 9 min read · web XSS RCE  ·
    Share on: twitter facebook linkedin copy

    Writeup by: andyandpandy, Anakin

    Solved by: Fr3d, c3lphie, Anakin, andyandpandy, patriksletmo, ly4k and more

    Writeup

    This challenge took us 21 hours to solve. Only 3 out of 524 teams solved it.

    Overview

    The challenge included a scenario where we had arbitrary javascript execution on a website. From here we were able to …


    Read More

  • MidnightSun Quals: kgbfskfsb

    calendar April 3, 2022 · 7 min read · web race-conditions  ·
    Share on: twitter facebook linkedin copy

    kgbfskfsb, MidnightSun CTF writeup

    Writeup by: Nigma, nrabulinski

    Solved by: sebastianpc, Eldar Zeynalli (Hako), nrabulinski, Nigma

    Description:

    DeNiS Sergeev wants a secret mission payload…

    Attachments:

    kgbfskfsb.tar.gz

    The challenge description pretty clearly hints towards DNS stuff and sure enough, after …


    Read More

  • LKVM Escape

    calendar December 17, 2021 · 16 min read · web race-conditions  ·
    Share on: twitter facebook linkedin copy

    Writeup by: Zanderdk | linkedin

    Solved by: ZZZ | linkedin, N00byedge | linkedin

    Indie VMM - HXP 2021

    In this challenge we are given a root access to a linux machine running in the linux tools hypervisor and the goal is to escape out of the hypervisor to access the flag file on the host system. During this challenge we …


    Read More

  • Hack.lu CTF - Nodenb

    calendar October 30, 2021 · 9 min read · web race-conditions  ·
    Share on: twitter facebook linkedin copy

    Writeup by: andyandpandy

    Solved by: andyandpandy, Hako

    Writeup

    The challenge has a race condition vulnerability, where you can delete your user and rapidly after send another request for the flag, which is successful when timed correctly.

    Description

    Web challenge

    Challenge author: pspaul/SonarSource

    To keep track of …


    Read More

Recent Posts

  • 2025 - Four Weeks of Wins: Kalmarunionen Takes 1st Place at Hack.lu CTF! 🏆
  • 2025 - Kalmarunionen Wins Google Hackceler8 in Mexico City 🏆🇲🇽
  • 2025 - We did it: Kalmarunionen just won ASIS CTF - our 4th ASIS WIN!
  • 2025 - 2nd at GoogleCTF, Mid-Season World #1 - and a visit from the Minister!
  • 2025 - Triple CTF Weekend
  • 2025 - KalmarCTF
  • 2025 - Kalmarunionen is now officially the #1 competitive hacking team in the world!
  • 2024 - Chaos Communication Congress (38C3) HXP CTF

Categories

WRITEUPS 17 NEWS 14 DDC 2021 2 MIDNIGHTSUN 2 BSIDESSF 2021 CTF 1 FAUST CTF 2021 1 HACK.LU CTF 1 HXP 1 REAL CVE 1 REAL WORLD CTF 1 SEKAICTF 2023 1

Tags

LINKEDIN 14 CRYPTO 8 2024 7 NEWS 5 WEB 5 RACE-CONDITIONS 3 GOOGLECTF 2 HACKING 2 KALMARCTF 2 REV 2 XSS 2 38C3 1 ADVANCED WEB 1 ASIS 1 ATTACK-DEFENSE 1 BREAKTHESYNTAXCTF 1 C++ 1 CLONE-AND-PWN 1 CTF 1 CTFTIME 1 CYBERSECURITYAWARENESSMONTH 1 DAMCTF 1 GAME 1 GOOGLE CTF 1 HACKCELER8 1 HACKLU 1 HXPCTF 1 JOURNEY 1 MEXICO 1 MIDNIGHT SUN 1 MISC 1 PLAIDCTF 1 PWN 1 PYTHON 1 QILING 1 RCE 1 REAL WORLD CTF 1 REAL-WORLD 1 SANDBOX-ESCAPE 1 SANDIEGOCTF 1 SECCONCTF 1 SUDO 1 SUNDHEDSKORT 1 UMDCTF 1 USE-AFTER-FREE 1 XS-SEARCH 1 Z3 1

Sponsor Highlight

Kalmarunionen is proudly sponsored by:

  • Dubex
  • ICSRange
  • Industriens Fond
  • JN Data
  • VENZO
  • CyberSkillsDK
Kalmarunionen

Copyright  KALMARUNIONEN. All Rights Reserved

to-top