LSE Epita format string
Time ago i can’t write on this blog. It’s normal when your time is full dedicated to work and study. Now, i have one hour to publish something related guess with ? Yes, ctf challenges :) Since this is only…
Hackover CTF – messagecenter
A long time since last writeup so i have decided comment a simple web level solved on “Hackover CTF”. It’s very old vulnerability related with type safe comparation on PHP and serialize function. We have a web login with normal test…
n00bs CTF Labs by Infosec Institute – 2nd edition
Here another edition of n00bs infosec CTF. 13 Levels, i will add as soon as i can complete, so stay tuned and keep visiting this post. Remember first edition ?. Level 2 A simple calculator. Need to inject something that breaks…
HITB TEASER: SATCOM
WEB 1000 SATCOM Our division of foreign cyber affairs has been hard at work lately. While mapping out some obscure subnets (which we think belong to the intelligence agency that is investigating HEAVENWEB) we’ve come accross a Sattelite Communications Center.…
n00bs CTF Labs by Infosec Institute
This time InfoSec Institute bring us the opportunity to learn a very basic concepts for n00bs on a CTF with 15 Levels. Level 1 Just browse the source and see the comment. <!– infosec_flagis_welcome –> flag: infosec_flagis_welcome Level 2 Seems we…
![CTF teaser Insomnihack 2015 [ynos – web100]](https://i1.wp.com/blogs.tunelko.com/wp-content/uploads/2015/01/ynos.png?resize=507%2C380&ssl=1)
CTF teaser Insomnihack 2015 [ynos – web100]
First, happy new year to all. This time we are going to see how to solve ynos task from the last weekend, Insomnihack 2015 teaser. Good work to the people behind the scenes :). This web task presents several vulnerabilites…
CTF NN4ED – Navaja Negra – Writeup
This is my CTF on Navaja Negra writeup and solutions. 0758683c65d8d8d88e7955cfe4ab4538_ctf_nn4ed_tunelko Tweet
MakeMeFeeWet^Hb [No cON Name 2014 CTF – QUALS]
This challenge has a a bit more complicated solution proceess and more fun to learn. We have a login page that stay inmmutable to our several injection attacks. The only weird thing is a comment on the source page, vim…
WEBster [No cON Name 2014 CTF – QUALS]
This year “No cON Name Capture The Flag” quals had more than three challenges to compete for the final, so big thanks to organizers to extend last year limit. At now ( 09:27 am GMT+2 ), @DefCon-UA (dcua team) have…
Avoiding wordpress xmlrpc attack. How to mitigate?
This entry was unintended. Thanks to the people that yesterday launch an attack over an updated wordpress. I have noticed this attack few hours later from its start when i see the consumption of server CPU resources: It is strange…