Various CTF (capture the flag) security challenges that I've created
| Name | CTF | Category | Description | Year | Writeup |
|---|---|---|---|---|---|
| uploaders-revenge | CSAW CTF 2023 Finals | web | Firefox CSP bypass via controlled mimetype | 2023 | TODO |
| webhooktester | CSAW CTF 2023 Finals | web | SSRF filter bypassing + Caddy SSRF -> RCE | 2023 | TODO |
| rainbow-notes | CSAW CTF 2023 | web | DOM clobbering + STTF XS-leak | 2023 | Writeup |
| pwnykey | UIUCTF 2023 | rev | reversing custom obfuscation of DeviceScript bytecode | 2023 | Writeup |
| geminiblog | DiceCTF 2023 | misc | bash bugs + SNI injection | 2023 | Writeup |
| impossible-xss | DiceCTF 2023 | web | XXE in Chrome XSLT | 2023 | Writeup |
| jnotes | DiceCTF 2023 | web | cookie smuggling / Jetty 0day | 2023 | Writeup, Writeup |
| spoink | UIUCTF 2022 | web | Pebble Spring SSTI 0day | 2022 | Writeup (CN), Writeup (JP) |
| woeby | UIUCTF 2022 | web | CSRF+SQLi in OSS search engine | 2022 | Writeup (CN) |
| precisionism | UIUCTF 2022 | web | harder prefix injection to bypass CORB | 2022 | Writeup |
| modernism | UIUCTF 2022 | web | prefix injection to bypass CORB | 2022 | Writeup (CN) |
| shadow | DiceCTF 2022 | web | exfiltration from shadow DOM | 2022 | Writeup |
| uploader | N/A | web | fileupload XSS bypassing CSP and mimetype filter | 2021 | TODO |
| pwnyIDE | UIUCTF 2021 | web | chrome 0day (header length bypass) + cross protocol scripting + 2 node-ftpd 0days (race condition, multiple command smuggling) | 2021 | Writeup |
| yana | UIUCTF 2021 | web | cache probing xs-leak + cache partitioning bypass | 2021 | Writeup |
| essveegee | UIUCTF 2021 | web | SVG LFI + file:// directory brute forcing without JS | 2021 | Writeup (JP) |
| phpfuck | UIUCTF 2021 | jail | PHP RCE in 5 unique chars | 2021 | Writeup |
| deserializeme | UIUCTF 2020 | misc | PyYAML 0day | 2020 | Writeup |
| nookcrypt | UIUCTF 2020 | crypto | ECC fault attack | 2020 | Writeup |
| fumblr | EasyCTF IV | web | CSRF + CSP bypass | 2018 | Writeup |
| Fanfic Studio | EasyCTF IV | pwn | intro heap exploitation | 2018 | Writeup |
| qset 1,2,3 | ABCTF 2017 | ppc | write code in an esolang i made | 2017 | Writeup |
| library | EasyCTF 2017 | ppc | combinatorics fun | 2017 | Writeup (CN) |
| Little Crypto Gambler | ctf(x) | crypto | crack generated LCGs | 2016 | Writeup |
| customauth | ctf(x) | crypto/web | ECB ciphertext manipulation | 2016 | Writeup |