SherpaCTF 2024 Writeup

SherpaCTF 2024 Writeup

SherpaCTF 2024 was the only CTF that I had joined in 2024, and to my surprise, also my first 24 hours on-site CTF. Being a graduate had decreased the opportunity for me participate in physical CTFs, but finally Sherpasec had given me one CTF to play this year. The organizers of this CTF is the members from Sherpasec community, which consists of students, fresh graduates, and also seasoned experts. Aside from that, the challenge creators team are built from seasoned players that had mad experience, some are the challenge creators of wargames.my, and some of them are crazy talented students, and every single one of them created challenges based on their expertise. It was one of the most challenging and fun CTF that I had joined!

Read more
HackTheBox: PermX

HackTheBox: PermX

So, I haven’t been playing HTB for quite sometime, and I finally had some motivation (or mood) to try out some boxes. So here is my writeup for the HTB seasonal machine: PermX.

Read more
Understanding SQLi

Understanding SQLi

SQL Injection (SQLI) is a common web security vulnerability that occurs when an attacker manipulates the SQL query sent from an application to its underlying database. By altering the intended query, attackers can access, modify, or delete data without proper authorization. This form of attack typically occurs in the WHERE clause of SELECT queries and can lead to severe consequences such as unauthorized data access or even complete compromise of the server (e.g., gaining administrative privileges).

Read more
Path Traversal in Ivanti: CVE-2024-8963

Path Traversal in Ivanti: CVE-2024-8963

The previous Cloud Services Appliance (CSA) flaw CVE-2024-8190 discovered within Ivanti, now have another vulnerability affecting the same product, CVE-2024-8963 that is currently being actively exploited. The newly identified flaw, CVE-2024-8963, has been assigned a CVSS score of 9.4 out of 10.

Read more
Wargames2023 CTF MISC Challenge: Splice

Wargames2023 CTF MISC Challenge: Splice

This year, wargames is filled with very interesting challenges. As for this miscellaneous challenge - Splice, it’s a more lighthearted challenge as compared to the other brain-cells consuming challenges. The challenge is to recover 2 QR code that are removed at the middle of the QR image.

Read more
ASCIS2023 Jeopardy Finals: Secbiz-Library Web Challenge

ASCIS2023 Jeopardy Finals: Secbiz-Library Web Challenge

The ASCIS CTF is an annual Vietnam CTF challenge that many teams from ASEAN countries will participate. This year, the CTF consists of 3 rounds, Warmup Round which requires teams to at least solve 1 challenge to proceed with the next round; Semi-Finals, and 2 different Finals, in which top20 overall teams will be playing Attack and Defense CTF, while the remaining teams continue the Jeopardy CTF.

Read more
PetronasCTF2023 Web Challenge: Henny Peony Got Hit on the Head; with an egg!

PetronasCTF2023 Web Challenge: Henny Peony Got Hit on the Head; with an egg!

Petronas CTF 2023 is a local CTF organized by Petroliam Nasional Berhad Malaysia. The CTF was held on 9th and 10th October 2023, in Kuala Lumpur Convention Center for 2 days with an elimination round and a top 25 final round. The challenges were quite interesting and majority are great quality challenge. In this web challenge, a featureless website was provided.

Read more
SKR CTF Web Challenge: Kuki-Bank

SKR CTF Web Challenge: Kuki-Bank

SKR CTF is a good platform to practice CTF challenges and test out cybersecurity knowledge. The challenge done is a medium level web challenge called Kuki Bank.

Read more
HITB-Phuket

HITB-Phuket

On 26th and 27th August 2023, I’ve attended my first HITBSec conference in Phuket,Thailand. HITBSec Conf or the Hack In The Box Security Conference is an annual security event that security researchers and professionals around the world will come together to share their latest findings through research or experience. The conference was firsly founded in Malaysia, but then had evolved into a bigger scaled conference where it is held internationally in such that the conference held commonly at Amsterdam.

Read more
Sharing My Experience in CTF

Sharing My Experience in CTF

CTF or capture the flag is a hacking competition that participants race against time to solve as many challenges and gain as much points to win. There are mainly 2 types of CTF, Jeopardy-Style in which is the traditional challenge solving CTF, or Attack-and-Defence Style that competitors will hack into each other’s system while patching their own vulnerable systems.

Read more