2016 to 2019 - What I've been up to

Maybe it would be a stretch to say I've been busy since 2016, but I haven't been doing nothing. Here are links to things I've been doing.

SecTalks Brisbane "Encrypted 4" challenge

SecTalks Brisbane recently hosted a CTF, and lxb's Crypto challenge particularly tickled me.

Insomni'hack 2016 Teaser CTF - Declawing smartcat1 and smartcat2

This weekend was the Insomni'hack 2016 Teaser CTF with a bunch of IoT-themed challenges. This is a writeup of the smartcat1 and smartcat2 Web challenges.

Coindrawer Bug Bounty Finale


JSEC1065 - Coindrawer Non-persistent XSS disclosure (Buy/sell orders feature, cancel_order param)


JSEC1053 - Coindrawer Provide Arbitrary Exchange Rate disclosure


NotSoSecure's 2nd SQLiLab CTF writeup

This year's Easter weekend featured NotSoSecure's 2nd SQLiLab CTF event. The contest promised two flags to capture, and lasted about 72 hours (it ended up being extended due to some muppet's DNS DoS attack against the game). Let's capture some flags.

JSEC1051 - Coindrawer Payment Replay Disclosure, Create Multiple Merchant Orders


JSEC1046 - Coindrawer Persistent DOM XSS disclosure (Paycoin feature)


Coindrawer Bug Bounty Experience
