The Discrete Logarithm Problem Now that you understand modular arithmetic, we can move on to its applications. In the previous post, we discussed how to perform modular computations. Now, it's time to learn how these computations are used in cryptography. Calculating the remainder in an equation...
21 Aug
What is Modular Arithmetic? Usually, when you want to perform division, you do something like: $$ \frac{3}{5} = 1,(6) \Rightarrow 1\frac{2}{3} $$ But there are some cases when you only need the remainder. $$ \frac{\text{Dividend}}{\text{Divisor}} = \text{Quotient} + \text{Remainder} $$ Where...
14 Aug
Requirements To create an account, you'll need the Authenticator app or any other that supports TOTP (time-based one-time passwords), since I don't want to store this kind of information in my database. :) What's next? Once you have it, go to the sign-up page and check if the nickname you want...
16 Feb
The Second Task Continuing the series, let's check what's inside the second task. So now we can search for "Invalid Header". And there is exactly one hit! This message is shown when the condition involving the parapet function fails. So let's dig into that. Here's the function code: int...
26 Feb
What is this task even about? OK, so last time we ended up with a bunch of weird-looking bytes: 00 00 00 00 0e 05 13 07 36 0f 37 69 22 27 3f 65 2e 20 36 69 2f 3b 3f 24 26 61 2c 21 24 3a 7b 65 7d 39 6a 79 7d 79 6a 38 4d Attempt to SOLVE says 'This is not the right header...' so we can...
20 Feb
What is this task even about? I started this challenge by taking a look at Discord, as part of my team had already begun working on it. My first glance at the provided charts led me to think -> 2 charts are probably UART or I2C to be decoded. Identifying protocol A quick look at the provided...
24 Mar
Who called this 'guessy'? This task wasn't very 'guessy' for me because as soon as I opened the included audio recording, I recognized those distinctive sounds. Not long ago, a clip titled "Two AI Agents Start Talking in a Different Language with Each Other" went viral online, with news sites...
24 Mar
Introduction Quite a few of my posts focus on solving challenges involving reverse engineering of mobile applications from CTF competitions. Although in one of my previous posts I briefly described how to approach this topic, I'd like to cover it more extensively here, highlighting particularly...
3 Feb
First Part Look at the files After downloading and unzipping the archive there’s only one APK inside, so I launched it on an Android emulator and also opened the APK in JADX-GUI for static analysis. Not much to see in the UI at first glance. There’s a discount code field that’s likely the...
26 Aug
Let's play Ok, so we run the provided game and see some NPC. Let's talk to him: Oh, looks like he won't talk to us unless we pay him. Luckily, there was a bank next to him—great! Unfortunately, this bank has only 1000 cash, but it's not a problem as long as we are hackers... ...
23 Feb
First Part Look at the files │>PHISH_MARKET │ docker-compose.yml │ start.sh │ ├───market │ Dockerfile │ market │ wait-for-it.sh │ └───mysql Dockerfile init-db.sql As you may have noticed, there are 2 Docker containers: one with a MySQL database and another...
17 Nov
First Part Recon To be honest, we don't have much to see there. It's a simple login form, shown in the screenshot below: And we don't have any credentials attached to this task, so I assumed it's a SQLi kind of task and tried some basic payloads as input. It turns out this site has...
16 Dec
First Part Look at the files │>sweet treet │ cookiejar │ directory.db │ docker-compose.yml │ Dockerfile │ README.md │ └───webapp │ edit_profile.jsp │ index.jsp │ login.jsp │ logout.jsp │ register.jsp │ styles.css │ └───admin │ admin-review.jsp │ admin.jsp Run the app As you can see, everything...
21 Jul