Bauhinia Newsletter Volume 1

Announcing Bauhinia Newsletter! Bauhinia Newsletter is one of our initiative for our members to share knowledge to others, containing technical articles, CTF and conference journals and team memes! Here is the table of content for the first volume! Notice some of the content are in English while some are in Cantonese. Knowledge Sharing The journey of my first cybersecurity certificate – Jimmy Reflections on “Reflections on Trusting Trust” – Stdor The Power of QR code recovery – a1668k Bauhinia CTF 2023 Image Factory – cire meat pop TetCTF 2024 LordGPT: Microsoft Azure OAuth Bug – vow Binary Similarity: Overview of BinDiff – wwkenwong How LLL works (simply) – Eason Traffic Routing in Kubernetes – ensy Flipper Zero 推坑簡介之 NFC – GonJK Threats Analysis for Running Out of Paper in Public Toilets – apple Introduction to Generative Model – streamline Interacting Breakpoints with OWASP ZAP API – vikychoi APT techniques studying: DLL sideloading – botton PuTTY’s P521 vulnerability, and a LLL primer – Mystiz Events 小妹火山遊🌋– grhkm Onsite Hardware Problem in SECCON 2023 Final – harrier SECCON Trip in Japan – hoifanrd Ad-Hoc Isekai Tensei Hakka Vol 1 Issue 1 – Ozetta Isekai Tensei Hakka Vol 1 Issue 2 – Ozetta You can download the pdf for this volume at here!...

August 23, 2024 · blackb6a

Bauhinia CTF 2023: Image Factory

Last year, I created a pwn challenge for the Bauhinia CTF competition. Personally, I consider it to be the most difficult pwn challenge I have ever created, and here I would like to share the challenge and its intended solution. At the same time, I will discuss common solving approaches you may find useful for this type of challenge. Overview As a CTFer, we have the obligation to code any program in a secure manner, even if a university assignment, right?...

March 10, 2024 · cire meat pop

CryptoCTF 2023 Writeup

Welcome!! (23 points, 663 solves) Difficulty: Warm-up We surely did get warmed up this CTF, as we came second, even beating the Cryptohackers (merge) team! Well done to everyone who participated 💜 Did it! (33 points, 220 solves) Difficulty: Easy The parameters $n = 127$ and $\ell = 20$ is fixed. A hidden subset of $\ell$ numbers $S \subseteq \{0, 1, \cdots, n - 1\}$ with $|S| \leq \ell$ is chosen, and we are given $13$ calls to the following oracle: Given a set $T \subseteq {0, 1, \cdots, n - 1}$ also with $|T| \leq \ell$, the server computes $T \setminus S$ and outputs $\{(u^2 + \varepsilon) \pmod{n} : u \in T \setminus S, \varepsilon \in \{0, 1\}\}$....

August 28, 2023 · grhkm, nhho, TWY

HKCERT CTF 2022 Making-of: Minecraft Geoguessr

One challenge we wrote for HKCERT CTF 2022 is Minecraft Geoguessr. In this blog post, we will talk about stuffs behind the scene, including how the challenge was created and the lessons learnt. If you are interested in the solution, please refer to @mystiz’s blog....

April 5, 2023 · apple, mystiz

LA CTF 2023 Writeup

Our collection of writeups for LA CTF 2023....

February 26, 2023 · a1668k, botton, cire meat pop, fsharp, J4cky, LifeIsHard, Kaiziron, RaccoonNinja

idekCTF 2022* Writeup

Our collection of writeups for idekCTF 2022*....

February 3, 2023 · botton, cire meat pop, fsharp, harrier, Hollow, J4cky, Kaiziron, LifeIsHard, Mystiz, ozetta, RaccoonNinja, TWY

ASIS CTF 2022 Finals Writeup

Our collection of writeups for ASIS CTF 2022....

January 10, 2023 · fsharp, grhkm, harrier, LifeIsHard, Mystiz, Viky

TetCTF 2023: pwn01

I did not solve it in time (30 minutes late T.T). However, I spent quite of lot of time on this challenge, so I might as well do a write up. Special thanks to Mystiz, fsharp, cire meat pop for helping me on this challenge....

January 9, 2023 · Viky

BackdoorCTF 2022 Writeup

We played BackdoorCTF and we won the second place....

December 24, 2022 · botton, fsharp, harrier, LifeIsHard, J4cky, Ja5on, Mystiz, Viky

BSides Mumbai CTF 2022 Writeup

We played BSides Mumbai CTF 2022 last week and we got the third. This is the write-up on the challenges we solved....

December 14, 2022 · cire meat pop, fsharp, grhkm, Hollow, Ja5on, LifeIsHard, Kaiziron, Mystiz, TWY