#Writeup

2025-06-28

Bon, je suis - disons - nominé pour le writeup créatif de N0PS CTF.

pico.masdescrocodiles.fr/stati

Rha la la, je suis un peu déçu, je pensais gagner une statue de moi-même réalisé en tessons de bouteilles de champagne, mais non, hélas.

#CTF #N0PS #prix #gagnant #writeup #BD

2025-06-27

When Backups Open Backdoors: We discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of organizations that use Synology's "Active Backup for Microsoft 365" (ABM), including sensitive data such as all Teams channel messages. #synology #disclosure #modzero #writeup
modzero.com/en/blog/when-backu

2025-06-06

Played N0PS CTF last week-end.
This is my write-up, with images.

#android #writeup #CTF #native #java #reverse #jeb #decompiler

1/4

hubertfhubertf
2025-06-01

This weekend's GreyCatCTF had an interesting "Reverse 101" challenge in the "EZPZ" category. In "nc" a number of questions were asked on the binary, and the most interesting one was what a certain function did (RC4 encrypt) and what input is required to get the flag.

Besides ghidra & gdb, angr was very helpful here to get the plaintext for the RC4 encryption. See pictures for details.

ghidra decompile of main()angr script to solve required RC4 inputfull Q & A plus flag
Collectors Realm 3 - Vintage gay porn, Jack Drago, and Bob's Guyscollectorsrealm3.net@web.brid.gy
2025-05-31
somadexteroussomadexterous
2025-05-26

Wohoo...
My poem in the English language has been published!

A big thank you to Paper Boat and The Alipore Post for organizing such a delightful event. It was a rare and cherished opportunity to stretch my literary muscles in English, especially through poetry. The experience was not only exhilarating but also incredibly soothing, stirring up a beautiful sense of nostalgia.

hubertfhubertf
2025-05-18

Spent some time at BUYCTF yesterday, scored some flags, some not. Learned a lot, and had even more fun. Here is a writeup from my notes:

feyrer.de/redir/BYUCTF2025-Wri

#2025

2025-05-09

I noticed a (minor but abusable) data leak in the RMM/PSA tool Atera a while ago, reported it and it's now fixed. I think it's somewhat interesting so I wrote it up.

fyr.io/post/atera-leaked-their

Tldr: if you tested your SMTP settings, it used a public mailbox on mailinator, allowing anyone to watch for (and respond to, if you're so inclined) mail. Phishing opportunity!

#infosec #atera #privacy #dataleak #mailinator #writeup #phishing #netsec

somadexteroussomadexterous
2025-04-26

Ontu uncle says he once saw it,
hanging from that fig tree branch, just above the water.
No one ever doubts uncle.

Rupu says the fish
the one they call love
isn’t really anything at all.
If you believe in it, it exists.
If you don’t, it fades away.

From afar, love looks magical.
But the closer you get, the more it slips away, like mist.
That’s why no one dares approach a heart too full.

Do you know the kind of peace that comes
from simply believing it’s real?

Collectors Realm 3 - Vintage gay porn, Jack Drago, and Bob's Guyscollectorsrealm3.net@web.brid.gy
2025-04-19
hubertfhubertf
2025-02-18

Mein TryHackMe StuxCTF WriteUp ist jetzt verlinkt

Having no hands on experience with reverse #ctf challenges (yet) but glad I followed links to the #writeup synacktiv.com/publications/lev

2024-12-15
2024-12-14

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst