September 19, 2018

CSAW Quals 2018 - RE 400 - Not Protobuf

I’m in this company’s network and I’ve MITM’d this weird protocol between a dev client and server, but I can’t figure out how it works. Connect to and I’ll send the client traffic to you. Forward it on to the dev server at to figure out what’s going on. Once you’re ready, hit up the prod server at which should have a flag for you.

Solved with jack2 and Plailect!

November 6, 2017

HITCON CTF Quals 2017 - Footbook

Don’t like Facebook? Try our brand-new social networking service!

tl;dr

1. Proxy requests from to the remote server: socat TCP-LISTEN:3000,fork TCP:
2. Register a Dropbox account with email address admin+something@footbook.meh
3. Log in to site at using Dropbox OAuth
4. Get flag!

explanation

We are presented with a very simple social media website that allows registered users to make public posts and send messages to other registered users (via their email address).