VolgaCTF - Share Point writeup

Share Point Look! I wrote a good service for sharing your files with your friends, enjoy) share-point.quals.2017.volgactf.ru The challenge began by signing in to the control panel by simply entering random account details. Once logged in you had the …


VolgaCTF - Bloody Feedback writeup

Bloody Feedback Send your feedback at bloody-feedback.quals.2017.volgactf.ru DO. NOT. USE. SQLMAP Otherwise your IP will be banned The challenge basically has two functions: 1) send feedback and 2) view the status of the sent feedback. There is also a page …


Chalmers CTF

Hey, long time since last post, been busy with university and starting Chalmers' very first CTF team: Chalmers CTF!! Check out our website for information: https://chalmersctf.se


SEC-T CTF - Confusion Writeup

This time I participated in the SEC-T CTF event and it was pretty fun! I played with a group of people from my university and we managed to get quite some points. But I didn’t manage to solve some of the challenges on time. However this didn’t …


Exploiting weak Content Security Policy (CSP) rules for fun and profit

This article is based on my findings during a bug bounty. I was looking for any input bugs which could trigger an XSS but didn’t find any until I tested the file upload functionality. Users had the option to drag & drop images into the …


Creating SYN flood attacks with Python

Today it’s very easy for people to download tools that overwhelm computer systems (denial of service) in order to take them offline. There are different types of attacks that can be used to create a denial of service attack, one of them is the SYN …