Missed the chance to grab a physical copy of our newsletter at OpenTechCon 2025? No worries — our newsletter is now available online! This issue features knowledge sharing, event recaps, and even a weird novel based on CTFs, all written by our teammates! Here’s the table of contents for Volume 3. Please note: some articles are in English, while others are in Cantonese. Ad-Hoc: Puzzle Solution Isekai Tensei Hakka Vol 1 Issue 5 Isekai Tensei Hakka Vol 1 Issue 6 Knowledge:...

Missed the chance to grab a physical copy of our newsletter at BSides HK 2025? No worries — our newsletter is now available online! This issue features knowledge sharing, event recaps, and even a weird novel based on CTFs, all written by our teammates! Here’s the table of contents for Volume 2. Please note: some articles are in English, while others are in Cantonese. Ad-Hoc: Puzzle Isekai Tensei Hakka Vol 1 Issue 3 Isekai Tensei Hakka Vol 1 Issue 4 Knowledge:...

Announcing Bauhinia Newsletter! Bauhinia Newsletter is one of our initiative for our members to share knowledge to others, containing technical articles, CTF and conference journals and team memes! Here is the table of content for the first volume! Notice some of the content are in English while some are in Cantonese. Knowledge Sharing The journey of my first cybersecurity certificate – Jimmy Reflections on “Reflections on Trusting Trust” – Stdor The Power of QR code recovery – a1668k Bauhinia CTF 2023 Image Factory – cire meat pop TetCTF 2024 LordGPT: Microsoft Azure OAuth Bug – vow Binary Similarity: Overview of BinDiff – wwkenwong How LLL works (simply) – Eason Traffic Routing in Kubernetes – ensy Flipper Zero 推坑簡介之 NFC – GonJK Threats Analysis for Running Out of Paper in Public Toilets – apple Introduction to Generative Model – streamline Interacting Breakpoints with OWASP ZAP API – vikychoi APT techniques studying: DLL sideloading – botton PuTTY’s P521 vulnerability, and a LLL primer – Mystiz Events 小妹火山遊🌋– grhkm Onsite Hardware Problem in SECCON 2023 Final – harrier SECCON Trip in Japan – hoifanrd Ad-Hoc Isekai Tensei Hakka Vol 1 Issue 1 – Ozetta Isekai Tensei Hakka Vol 1 Issue 2 – Ozetta You can download the pdf for this volume at here!...

Last year, I created a pwn challenge for the Bauhinia CTF competition. Personally, I consider it to be the most difficult pwn challenge I have ever created, and here I would like to share the challenge and its intended solution. At the same time, I will discuss common solving approaches you may find useful for this type of challenge. Overview As a CTFer, we have the obligation to code any program in a secure manner, even if a university assignment, right?...

Welcome!! (23 points, 663 solves) Difficulty: Warm-up We surely did get warmed up this CTF, as we came second, even beating the Cryptohackers (merge) team! Well done to everyone who participated 💜 Did it! (33 points, 220 solves) Difficulty: Easy The parameters $n = 127$ and $\ell = 20$ is fixed. A hidden subset of $\ell$ numbers $S \subseteq \{0, 1, \cdots, n - 1\}$ with $|S| \leq \ell$ is chosen, and we are given $13$ calls to the following oracle: Given a set $T \subseteq {0, 1, \cdots, n - 1}$ also with $|T| \leq \ell$, the server computes $T \setminus S$ and outputs $\{(u^2 + \varepsilon) \pmod{n} : u \in T \setminus S, \varepsilon \in \{0, 1\}\}$....

One challenge we wrote for HKCERT CTF 2022 is Minecraft Geoguessr. In this blog post, we will talk about stuffs behind the scene, including how the challenge was created and the lessons learnt. If you are interested in the solution, please refer to @mystiz’s blog....

Our collection of writeups for LA CTF 2023....

Our collection of writeups for idekCTF 2022*....

Our collection of writeups for ASIS CTF 2022....

I did not solve it in time (30 minutes late T.T). However, I spent quite of lot of time on this challenge, so I might as well do a write up. Special thanks to Mystiz, fsharp, cire meat pop for helping me on this challenge....