corCTF 2021 - outfoxed

12 hours before the CTF ended, my friend hit me up telling me about the firefox pwn challenge in corCTF. I have never done Firefox/Spidermonkey pwn before, so this has been an awesome learning opportunity for me. Because I started the challenge when not much time was left, this write-up may not fully and correctly convey all technical details. Please keep that in mind and hit me up if you find anything incorrect, I would be happy to learn and update my post!

Google CTF 2021 - Fullchain

This year, I played Google CTF under team vh++. Although we did not solve this challenge during the CTF, we have finished it afterwards. This write-up explains the process of studying and writing exploit for chromium browser in the challenge Fullchain of Google CTF 2021. Since I have never tried a chrome sandbox escape or partition alloc exploit, this is a fantastic opportunity to learn both. Let’s go!

AceBear CTF 19

I had a lot of fun and a hard time during this CTF, but the challenges are really awesome. I spent the whole time solving one challenge: Incident Response (Misc 1000). In my opinion, this challenge closely resembles a real-life scenario and I’m glad that I’ve learned a lot out of it. So here goes the write up for it!

Insomnihack Teaser CTF 2019

This is my exploit for the Onewrite challenge from Insomnihack Teaser CTF 2019.

TetCTF 19

This is my write-up for TetCTF 19

35C3 CTF

This is my first time participating in C3 CTF. Although I wasn’t able to solve many challenges within the time of the CTF, I still find the challenges really awesome and exciting. I wanted to solve pwnable challenges with the hope to learn more about exploit development of real applications, but ended up solving 2 RE ones. Here is my writeup for them :)

H1-702 CTF 2018

It’s this time of the year again and I have the chance to play the CTF held by Hackerone. It has a lot of mobile hacking challenge, and at the same time, I wanted to dive into this. What a good time to learn!

GRIMM HAX Combined Challenge

This is the write-up for challenges I have done GRIMM HAX challenge.

2017 SANS Holiday Hacking Challenge

This year, I’ve had the chance to participate in SANS Holiday Hacking Challenge. The first time I did it was last year. I didn’t think it was interesting with real pentesting stuffs until I read the writeups, so I decided to start early this year.

UB Lockdown V3

The weekend before Thanksgiving, I had the chance to play at Lockdown v3, an incident response competition held at University of Buffalo by UBNetDef.