Google CTF 2024 Grand Prix Heaven
This is my solution for Grand Prix Heaven from Google 2024 CTF. I particularly enjoyed this challenge because of its detail level; multiple little vulnerabilities had to be chained together to achieve XSS on the target.
I will start with the exploit, then follow up with the notes which may help explain why the exploit does what it does.
Exploit import requests import json import re import exif import warnings warnings.
Solving Web: Bad Challenge from Arab Security War Games 2024
In this writeup, I will explain how I solved Bad, an interesting web challenge written by the amazing Abdelhamid Ghazy as part of the recent Arab Security Conference War Games (ASCWG) 2024. ASCWG had four web challenges. I cleared the first three early in the competition before spending the next 16 hours on Bad, submitting only 30 minutes before the end of the CTF.
- What are we up to? Title Author Solves Bad Abdelhamid Ghazy 3 The challenge was initially black-box but the author decided to open it under pressure from a now-desperate audience.
BOM Sniffing to XSS
In this post, we will learn about text encoding, how browsers determine content encoding, talk about BOM and finally how we can bypass DOM sanitizers by just playing around with input encoding.
For those interested, this post is based on an interesting challenge called Secure Notes which was authored by @13x1 and have appeared in the recent GPN 2024 CTF.
We are given 16 lines of source code and access to an admin bot.
Apexsurvive Writeup (HTB Cyber Apocalypse 2024)
Chapter 0: Introduction Hey thereπ. I am Adham Elmosalamy, a Computer Engineering student, and in this post I will walk you through my solution of Apexsurvive from Hack The Box 2024 Cyber Apocalypse CTF, a beautiful challenge that costed me three days of research, experimentation and sweat to take down.
This is a beginner-friendly writeup where I explain how web challenges like this could be approached: going over methodology, mindset and research.
Google CTF 2023 And How It Almost Backfired
I wanted to introduce a group of students to cybersecurity. They showed passion and willingness to learn.
I thought there would be no better introduction than inviting them to a Capture the Flag (CTF) competition. That way they would get exposed to the field while having a fun experience.
CTFs require teamwork, showcase the diverse requirements (and goals) of cybersecurity, offer hands-on practice, and demand a security research mindset. In fact, many professionals jumpstarted their security careers via CTFs.