posts
2025 Year
- Insomni'hack 2025 - revengery
// forge an ECDSA signature to take over ownership of a Solidity contract
2024 Year
- CTFZone 2024 Final — registry
// exploiting layer naming in Docker container registry
- BRICS+ CTF 2024 — villa & mirage & excess
// writeup for all web challenges from BRICS+ CTF
- BRICS+ CTF 2024 — dolly
// reverse engineering of some tricky binary
- BRICS+ CTF 2024 — gollum
// pwning the Golang application with a compiler bug
- CVE-2024-5629 writeup
// out-of-bounds read in Python binary package
- CVE-2024-21502 writeup
// memory corruption in Python binary package
- Gold CTF 2024 — digger
// reversing crypto binary to achieve a slide attack primitive
2023 Year
- RuCTF Finals 2023 — stalker
// exploiting race condition in MariaDB primary keys setup
- RuCTF Finals 2023 — solaris
// attacking matrix-based cryptosystem using Coppersmith method
2022 Year
- Russian CTF Cup 2022 — babyrsa
// collect impossible remainders and use CRT to retrieve RSA factor
- FAUST CTF 2022 — Notes from the Future
// predicting random output to forge proof of knowledge scheme
- Aero CTF 2022 — balloon
// memory corruption in CPython exploiting madvise()
- RuCTF 2022 — ambulance
// exploiting arbitrary free in CPython library to gain RCE
- STAY ~/ 2022 — virush
// write a ROP chain on the stack of /usr/bin/dd using of=/proc/self/mem
2021 Year
- Leto CTF 2021 — confident-confinement
// escape a Python jail with decorators and type annotations
- m0leCon CTF 2021 Teaser — Obscurity
// attacking FCSR state to recover keystream
- m0leCon CTF 2021 Teaser — Giant log
// calculate discrete log using p-adics
- m0leCon CTF 2021 Teaser — Alternating key exchange
// using meet-in-the-middle approach to attack non-commutative scheme
2020 Year
- RuCTF 2020 — notary
// detect the low-entropy PRNG and attack the KMOV cryptosystem
- Russian CTF Cup 2020 — security
// provide a native engine to openssl using an injection to command arguments
- Russian CTF Cup 2020 — caller
// abuse single system call primitive to gain RCE in CPython
- CONFidence CTF 2020 Finals — ElGamal
// mapping to the additive group using invalid curve attack
- CyBRICS CTF 2020 — Incident
// exploiting buffer overflow to leak a hidden backdoor
- FAUST CTF 2020 — Cartography
// arbitrary write using malloc() primitive
- m0leCon CTF 2020 Teaser — King Exchange
// recovering group structure of a circle to calculate discrete log