blog.
Writeups, notes on security research, and DevOps adventures.
DownUnderCTF 2025 — Down To Modulate Frequencies! (100 pts) Sep 1, 2025 Decoding DTMF telephone frequencies combined with multi-tap text entry to recover a hidden message. DownUnderCTF 2025 — Fishy Website (112 pts) Sep 1, 2025 Analyzing a paste-n-run phishing attack — decrypting RC4-encrypted C2 traffic hidden inside fake TLS records. DownUnderCTF 2025 — Mary had a little lambda (154 pts) Sep 1, 2025 Exploiting exposed AWS credentials to escalate privileges via IAM role assumption and retrieve secrets from SSM Parameter Store. DownUnderCTF 2025 — rocky (100 pts) Sep 1, 2025 Cracking an MD5 hash to unlock a flag decryption routine in a 64-bit ELF binary. DownUnderCTF 2025 — YoDawg (147 pts) Sep 1, 2025 A CTF within a CTF — reverse engineering a .NET assembly that hides a gamified challenge suite. DownUnderCTF 2025 — zeus (100 pts) Sep 1, 2025 Reversing argument validation and XOR decryption in a 64-bit ELF to invoke a hidden flag. The Anatomy of a "Paste n Run" Phishing Attack Jan 1, 2025 How attackers weaponize fake CAPTCHA pages to trick users into running malicious PowerShell commands — and what happens next. Wargames.MY CTF 2024 — Forensic: I Cant Manipulate People (50 pts) Dec 1, 2024 Extracting a flag hidden in the last byte of each ICMP packet in a packet capture. Wargames.MY CTF 2024 — Forensic: Oh Man (445 pts) Dec 1, 2024 Cracking NetNTLMv2 credentials to decrypt SMB3 traffic, then extracting secrets from a nanodump memory dump. Wargames.MY CTF 2024 — Forensic: Tricky Malware (481 pts) Dec 1, 2024 Tracing malware C2 infrastructure through network traffic analysis and memory forensics. Wargames.MY CTF 2024 — Forensic: Unwanted Meow (328 pts) Dec 1, 2024 Recovering a corrupted JPEG by stripping repeated 'meow' strings injected throughout the file. Wargames.MY CTF 2024 — Misc: Invisible Ink (388 pts) Dec 1, 2024 Finding a flag hidden in GIF transparency frames using StegSolve and color mapping. Wargames.MY CTF 2024 — Misc: The DCM Meta (310 pts) Dec 1, 2024 Extracting hidden characters from a DICOM file and reordering them via an index permutation to recover the flag. Cyber Jawara International 2024 — Misc: Stone Game (100 pts) Nov 1, 2024 Winning a Nim game against the server by exploiting the nim-sum strategy — and the fact that taking zero stones is allowed. Indonesia's Personal Data Protection Law (UU PDP) Oct 17, 2024 A plain-language breakdown of UU 27/2022 — what it covers, why it matters, and what companies need to do before the deadline. HTB University CTF 2023 — BioBundle (medium) Dec 1, 2023 Extracting and decrypting an in-memory ELF library loaded via memfd_create and XOR-obfuscated with 0x37. HTB University CTF 2023 — RiseFromTheDead (hard) Dec 1, 2023 Recovering a shuffled flag from a core dump by extracting random indices used in the shuffle algorithm. HTB University CTF 2023 — WindowsOfOpportunity (easy) Dec 1, 2023 Reverse engineering a flag checker that validates input by summing consecutive pairs against a hardcoded array.