In-depth writeups from public CTF challenges — pwn, reverse engineering, cryptography, web exploitation, and forensics. Focus on methodology, exploitation traps, and lessons learned rather than just "I got the flag".
A focused series on indirect prompt injection against AI-powered scanners — manipulating an LLM agent, via third-party content, into destructive actions, data exfiltration, and chaining into secondary network vulnerabilities. Each writeup includes a defense section (OWASP LLM Top 10 mapping + detection ideas).
- Exploiting AI agents to perform destructive actions — Apprentice — indirect prompt injection via blog comment makes the carlos-authenticated scanner delete its own account. Key insight: well-aligned agents flag aggressive payloads as findings; a plain owner-style request slips through. (LLM01 + LLM06)
- Exploiting AI agents to exfiltrate sensitive information — Apprentice — exfil variant with no results page, so the scanner is steered into posting carlos's API key as a comment. (LLM01 + LLM06 + LLM02)
- Exploiting AI agents to trigger secondary vulnerabilities — Practitioner — prompt injection drives a routing-based SSRF (forged `Host` header = internal admin IP) to reach a loopback-only admin and delete carlos. (LLM01 + LLM06 + SSRF)
- Bypassing AI scanner defenses to exfiltrate sensitive information — Practitioner — defeats a two-layer defense (input classifier + output redaction); the breakthrough reframes the leak as the PoC of a fake "comments don't redact API keys" bug, so the scanner leaks carlos's key to "confirm" it. (LLM01 + LLM06 + LLM02)
- Exploiting vulnerabilities in LLM APIs — Practitioner — the LLM calls a Newsletter API whose email argument reaches a shell command; `$(whoami)` confirms command substitution and `rm` solves the lab. (LLM06 + LLM07 + command injection)
- Exploiting insecure output handling in LLMs — Expert — a disguised iframe survives the LLM response and executes as XSS because chat output is rendered unsafely. (LLM01 + LLM05)
- Indirect prompt injection — Practitioner — a product review uses structural boundary confusion (`END OF REVIEW`/`USER RESPONSE`) to make Carlos' chat session call `delete_account`. (LLM01 + LLM06)
- Exploiting LLM APIs with excessive agency — Apprentice — a user-facing LLM exposes a raw `debug_sql(sql_statement)` tool, turning chat into database read/write access. (LLM06 + LLM07)
This is a defensive cybersecurity research portfolio. It contains reconstructed writeups from challenges I worked through on publicly hosted CTF platforms (BUUCTF, SCTF, NSSCTF, NewStarCTF, etc.) and reproduction notes for published CVEs in isolated local Docker labs (vulhub). The repository serves three purposes: (1) personal technical reference; (2) training material for security analysts learning offensive-side TTPs in order to design better detection logic; (3) a public record of the methodology that backs my peer-reviewed academic work in adversarial machine learning.
Each writeup follows the same structure:
- File overview — protections, libc version, remote endpoint
- Vulnerability analysis — what's broken and why
- Exploitation path — the chain of primitives
- Full exploit — annotated payload script
- Traps / Lessons learned — what cost me hours and what I'd do differently
For the labs/ chapter specifically (CVE reproduction in vulhub Docker containers), writeups additionally include a Defense section covering vendor patches, Suricata/Sigma detection rules, threat-hunting queries, and IOCs — see the labs chapter for the constraint statement.
The author of this repository has a peer-reviewed publication in Computer Engineering and Applications (《计算机工程与应用》, Peking University Core Journal + CSCD index):
Data-Free Black-Box Adversarial Attack Method Based on GAN. Computer Engineering and Applications, 2025, 61(7): 204. DOI: 10.3778/j.issn.1002-8331.2311-0227. Article page: http://cea.ceaj.org/CN/Y2025/V61/I7/204
Abstract. Adversarial examples can make deep neural networks output wrong results with high confidence. In black-box attacks, existing alternative model training methods require all or part of the training data of the target model to achieve good attack effects, but the training data of the target model is difficult to obtain in practical applications. Therefore, this paper proposes a GAN-based data-free black-box adversarial attack method. Without the training data of the target model, the noise of mixed label information is used to generate the training samples required by the substitute model. The label information of the target model and diversified loss functions are used to make the training samples evenly distributed and contain more feature information, so that the substitute model can effectively learn the classification function of the target model. Compared with DaST and MAZE, the proposed method reduces the number of adversarial perturbations and queries by 35%–60%, while increasing the success rate of FGSM, BIM, PGD attacks on CIFAR-100, CIFAR-10, SVHN, FMNIST, MNIST datasets by 6–10 percentage points on average. In the actual application of the black-box model scenario Microsoft Azure, the method achieves more than 78% attack success rate.
Keywords. black-box adversarial attack; generative adversarial network; substitute training; transfer attack; deep neural network
The original article is published in Chinese; the abstract and metadata above are the journal's officially published English translation (verifiable through the DOI link). The publication evidences the author's academic standing in adversarial ML and defensive AI security research.
This repository documents work produced with the assistance of large language model coding assistants (primarily Claude). The assistant is used for:
- Reverse engineering support — disassembling and symbolizing binaries, decoding custom VMs, identifying cryptographic primitives in obfuscated code
- Detection engineering — translating attack chains observed in CTF and vulhub challenges into Suricata / Sigma / YARA rules and threat-hunting queries
- Documentation and translation — producing English writeups from Chinese-language research notes so that methodology can be shared internationally
- Academic literature triage — surveying published work on adversarial ML and AI-system security
All targets analyzed in this repository are one of: (a) public CTF challenge binaries distributed by event organizers, (b) vulhub Docker images of vendor-patched CVEs run on 127.0.0.1 with no external network access, or (c) the author's own intentionally vulnerable lab VMs. No production system, third-party service, or unauthorized target is involved at any stage. The intent of this work is consistently defensive — understanding offensive techniques deeply enough to detect them, patch them, and write durable security controls.
Authorship statement. I am the sole author and decision-maker on every writeup in this repository. Claude is used as a research, translation, and drafting assistant; all exploit logic, vulnerability analysis, detection rules (Sigma / Suricata / YARA / SIEM queries), and methodological choices are designed, verified, and signed off by me. Where commits in this repository carry a Co-Authored-By: Claude trailer, that trailer is a transparency disclosure of AI assistance — not an attribution of intellectual authorship.
- Blog: https://1392081456.github.io — methodology notes on detection engineering and adversarial-ML research
- CTFtime: @colorfulwhitez (team APWN)
- Academic identity verifiable through the DOI publication record above
- pwn.college Program Security: Return Oriented Programming — series-level note (30/31 solved, series complete): `ret2win` → stacked-return & arg chains → syscall `execve` → `read`-to-`.bss` → ret2libc/putsception → stack pivots → PIE/libc partial-overwrite brute → two-stage re-entry (Guarded Gadgets) → forking-server canary brute + BROP-style byte-by-byte return-address leak (ROP Roulette Easy/Hard), on the recovered `dojo list/start/submit` + `scp` workflow.
- pwn.college Program Security — Full Module Archive (39/39) — full-module series note covering the memory-corruption families, constrained-shellcode levels through `micro-menace`, and the closing FizzBuzz/latent-leak levels (ret2libc, arbitrary GOT write, mprotect-RWX, cross-libc residual canary) solved 2026-06-01.
- axb_2019_heap — format string leak + unsafe unlink → BSS self-reference — glibc 2.23 / unsafe unlink / `__free_hook` hijack
- axb_2019_brop64 — ret2libc and the libc-subversion trap — glibc version detection / Partial RELRO ret2libc
- SCTF 2019 easy_heap — null-byte off-by-one → tcache poison → mmap shellcode — glibc 2.27 / consolidation leak / RWX page
- ACTF 2019 — babyheap: UAF + tcache reuse + printf %s GOT leak — glibc 2.27 / system@PLT pre-resolved / no libc leak needed
- ACTF 2019 — babystack: stack pivot ret2libc — 16-byte overflow / stack address leak / leave;ret pivot
- CISCN 2019 — n_3: 32-bit tcache UAF + strbuf overwrite — record-struct funcptr → `system("sh;#")`
- CISCN 2019 — final_2: UAF + tcache poison → overwrite `stdin->_fileno` — glibc 2.27 / I/O FILE manipulation / `dup2(flag, 666)` win primitive
- CISCN 2019 — c_3: 9-slot UAF + selfloop tcache fill + backdoor accumulator — glibc 2.27 / `dele` doesn't NULL → repeated free fills tcache via self-loops / `backdoor` as fd accumulator → `__free_hook = one_gadget`
- CISCN 2019 — c_5: `__printf_chk` format-string leak + tcache double-free — glibc 2.27 / Full RELRO + FORTIFY / 7th `%p` = `_IO_2_1_stderr_` → libc base / `__free_hook = system` + `free("/bin/sh")`
- WUSTCTF 2020 — babyfmt: 4-stage format string + `stdout->_fileno` redirect — glibc 2.23 / `%hhn` single-shot guard bypass / pre-rewrite stdout to escape `close(1)` + `open(/flag)` trap
- NPUCTF 2020 — easyheap: off-by-one overlapping ×2 — leak + write primitive / `__free_hook` hijack
- SUCTF 2018 — stack: classic ret2win backdoor — `system("/bin/sh")` gadget / +1 stack alignment
- HWB / 强网杯 2019 — mergeheap: merge overlap + tcache poison — glibc 2.27 / size≤0x400 forces tcache-fill leak / `merge` doesn't clear original ptrs creating overlap / `__free_hook = one_gadget` getshell
- pwn.college Program Security — Reverse Engineering — full 36-challenge series: verifier transforms, branch/integrity patching, Yan85 VM analysis and shellcode, plus Cows and Bulls file-format solving.
- WMCTF 2020 — easy_re: unpacking a PerlApp binary — PerlApp BFS resource extraction
- SCTF 2019 — creakme: AES-CBC, Base64, and SEH self-decrypting section — multi-layer crackme
- Wangding Cup 2020 Qinglong — jocker: SMC and stack-pointer repair — self-modifying code analysis
- Great Wall Cup 3rd — vvvmmm: UPX + Unicorn-embedded RISC-V VM — hardcoded-key polynomial hash drives 12 stream words XOR'd with the user input; trap is the `UC_RISCV_REG` enum offset (0xb = X10 = a0, not `a1`)
- GUET-CTF 2019 — encrypt: RC4 + shifted Base64 alphabet — custom encoding combinations
- GKCTF 2021 — XOR: recovering prime factors from XOR + product — Hensel-style lifting / product-range pruning / bit-reversal coupling
- MRCTF 2020 Easy_RSA — factoring `n` from `φ(n)` and from `e·d` — two-stage Vieta's reduction / small-k brute force
- LitCTF 2025 — math: RSA `hint = (p+noise)(q+noise)` leak — Pollard rho on `hint−n` to recover 40-bit noise / Vieta closing to `p, q`
- XCTF 9th Finals — Tch3s: predictable `srand(time())` seed — brute the Unix-timestamp seed off Test 1 plaintext, then inject the recovered key into the binary via gdb-python and call its own decrypt
- GHCTF 2025 — baby_signin: e=4 non-coprime AMM root extraction — square root signin via AMM
- GHCTF 2025 — EZ_Fermat: polynomial-GCD RSA factoring — Fermat's little theorem / poly-GCD over `Z/n`
- GHCTF 2025 — MIMT_RSA: meet-in-the-middle 36-bit composite key recovery — multiplicative-homomorphism MITM
- UTCTF 2020 — basic-crypto: 4-layer encoding onion — Binary → Base64 → ROT10 → Substitution
- Yangqibei 2025 — big_e_rsa: Eisenstein integer RSA — Eisenstein primes / floating-point `d` recovery
- PortSwigger SQLi 1-18 — series consolidation — methodology track: 18-lab overview table (surface/channel/payload) + blind-SQLi extraction decision tree + detection mapping. From tautologies to OOB exfiltration.
- PortSwigger XSS 1-30 — series consolidation — browser-context track: HTML/attribute/JS/DOM/Angular/SVG/CSP contexts, stored-impact labs for cookies/passwords/CSRF, and same-site collection channels that avoid unnecessary OAST dependency.
- PortSwigger CSRF 1-12 — series consolidation — state-transition track: broken token validation, token-cookie binding mistakes, SameSite Lax/Strict bypasses, Referer validation flaws, and sibling-domain CSWSH.
- PortSwigger DOM-based vulnerabilities 1-7 — series consolidation — client-side source-to-sink track: web messages, DOM open redirects, cookie manipulation, and DOM clobbering against globals and sanitizer attributes.
- PortSwigger CORS 1-3 — series consolidation — origin-trust track: arbitrary Origin reflection, trusted `null` origins, and HTTP subdomain trust that turns stock-subdomain XSS into main-site API-key disclosure.
- PortSwigger Web LLM attacks 1-8 — series consolidation — methodology track on negotiating phrasing with an aligned agent: LLM-tool labs (excessive agency / command injection / indirect injection / insecure output) + AI-scanner labs (delete / exfil / secondary SSRF / defense bypass). De-attack framing, echo channels, OWASP LLM Top 10.
- PortSwigger Web Cache Deception 1-5 — series consolidation — all five WCD labs: path mapping, path delimiters (`;`), origin vs cache normalization (mirrored), exact-match rules + a CSRF chain (Expert). Three axes (what caches / who normalizes / which delimiter) + the timing/self-poisoning/grab-race gotchas the official solution omits.
- PortSwigger Clickjacking 1-5 — series consolidation — UI redressing track: CSRF-protected deletion, URL-prefilled forms, sandboxing a frame-buster, clickjacking as a DOM-XSS trigger, and multistep confirmation clicks. The practical trap is measuring coordinates against the iframe viewport, not the outer browser.
- PortSwigger XXE 1-9 — series consolidation — entity-resolution track: file read, metadata SSRF, blind OOB, parameter entities, external DTD exfiltration, parser-error retrieval, XInclude, SVG/Batik upload, and local DTD repurposing.
- PortSwigger SSRF 1-7 — series consolidation — server-side URL-fetching track: loopback admin, internal subnet discovery, blind OAST proof, blacklist bypasses, open-redirect pivoting, header-to-CGI Shellshock validation, and whitelist parser disagreement.
- PortSwigger HTTP Request Smuggling 1-22 — series consolidation — parser-boundary track: CL.TE, TE.CL, TE obfuscation, front-end rewrite leaks, request capture, cache poisoning/deception, HTTP/2 downgrade, request tunnelling, CL.0/0.CL, client-side desync, and pause-based desync.
- PortSwigger OS Command Injection 1-5 — series consolidation — execution-channel track: direct output, timing oracle, web-root output redirection, DNS OOB proof, and DNS-label data exfiltration.
- PortSwigger SSTI 1-7 — series consolidation — template-context track: ERB, Tornado, FreeMarker, Handlebars, Django object disclosure, FreeMarker sandbox breakout, and custom business-object exploitation.
- PortSwigger Path Traversal 1-6 — series consolidation — canonicalization track: raw traversal, absolute-path bypass, non-recursive stripping, double decoding, prefix validation, and null-byte extension bypass.
- PortSwigger Access Control 1-13 — series consolidation — authorization track: unprotected admin routes, client-controlled roles, IDOR, redirect-body leaks, object references, URL/method/workflow/Referer authorization gaps.
- PortSwigger Authentication 1-14 — series consolidation — authentication-state track: username oracles, rate-limit flaws, MFA state/binding bugs, reset logic/poisoning, remember-me cookies, offline cracking, and bulk credential submission.
- PortSwigger WebSockets 1-3 — series consolidation — socket-security track: WebSocket frame manipulation, cross-site WebSocket hijacking, and handshake header manipulation.
- PortSwigger Web Cache Poisoning 1-13 — series consolidation — cache-key track: unkeyed headers/cookies/query/body, parameter cloaking, URL normalization, DOM gadgets, cache key injection, and internal cache poisoning.
- PortSwigger Insecure Deserialization 1-10 — series consolidation — object-graph track: PHP object mutation/type juggling, app-functionality gadgets, Java/PHP/Ruby pre-built chains, custom gadgets, and PHAR metadata triggers.
- PortSwigger Information Disclosure 1-5 — series consolidation — leak-to-impact track: verbose errors, debug pages, backup source, TRACE-revealed trust headers, and exposed Git history.
- PortSwigger Business Logic Vulnerabilities 1-12 — series consolidation — invariant-testing track: price/quantity/money flaws, inconsistent controls, workflow/state-machine bypasses, encryption oracles, and email parser discrepancies.
- PortSwigger HTTP Host Header Attacks 1-7 — series consolidation — host-trust track: reset poisoning, Host-based auth bypass, ambiguous-request cache poisoning, routing-based SSRF, connection-state bypass, and dangling markup.
- PortSwigger OAuth Authentication 1-6 — series consolidation — OAuth-binding track: implicit-flow profile trust, dynamic-registration SSRF, missing-state linking CSRF, redirect_uri hijacking, open redirects, and postMessage token proxying.
- PortSwigger File Upload Vulnerabilities 1-7 — series consolidation — upload-boundary track: MIME trust, path traversal, extension blacklist bypasses, null-byte tricks, image polyglots, and validation race conditions.
- PortSwigger JWT 1-8 — series consolidation — token-verification track: unverified signatures, `alg:none`, weak HMAC secrets, `jwk`/`jku`/`kid` key injection, and RS256/HS256 algorithm confusion.
- PortSwigger Essential Skills 1-2 — series consolidation — targeted-scanning track: using Burp Scanner as a manual-testing amplifier for file-read discovery and custom insertion points in structured cookies.
- PortSwigger Prototype Pollution 1-10 — series consolidation — property-lookup track: client-side DOM gadgets, one-pass sanitizer bypasses, server-side merge pollution, non-reflective detection, and child-process option gadgets.
- PortSwigger GraphQL API Vulnerabilities 1-5 — series consolidation — schema-and-transport track: introspection leaks, hidden endpoints, alias batching, resolver authorization gaps, and form-urlencoded GraphQL CSRF.
- PortSwigger Race Conditions 1-6 — series consolidation — state-transition track: limit overruns, lockout races, multi-endpoint checkout, email confirmation mismatch, timestamp tokens, and partial construction.
- PortSwigger NoSQL Injection 1-4 — series consolidation — MongoDB query-shape track: JavaScript condition injection, operator-based authentication bypass, boolean extraction, and unknown field/token discovery.
- PortSwigger API Testing 1-5 — series consolidation — contract-drift track: exposed documentation, server-side parameter pollution, hidden methods, mass assignment, and REST path pollution.
- Drupalgeddon2 — CVE-2018-7600 render array RCE — Drupal 8 / Form API AJAX / `#post_render` injection
- GYCTF 2020 Ez_Express — Unicode case folding + EJS prototype pollution — Node.js / `outputFunctionName` injection / `U+0131` filter bypass
- Wangding Cup 2020 Xuanwu SSRFMe — Gopher → Redis webshell — SSRF / `0.0.0.0` bypass / double URL encoding
- CISCN 2019 Dropbox — PHP Phar deserialization + POP chain — `__call` bridge / `GIF89a` stub / `file_exists` trigger
- DASCTF 2023 EzFlask — Python class pollution via `__globals__` — Flask / recursive merge / `__file__` overwrite
- CISCN 2019 East-South — double_secret: Flask RC4 leak + Jinja2 SSTI RCE — debug-page RC4 / SSTI command exec
- CISCN 2019 Finals — easyweb: `\0` quote-eating SQLi + Cookie XOR forge + log-shell — multi-stage chain
- GHCTF 2025 — EZ_readfile: MD5 strong collision + file read — `docker-entrypoint` info disclosure
- GHCTF 2025 — SQL: UNION injection with strict WAF — direct column-name guessing bypassing all function calls
- LitCTF 2025 — easy_file: PHP LFI + upload chain — silent WAF baseline / `<?=` short-tag upload bypass
- LitCTF 2025 — multiverse_diary: Express prototype pollution → `isAdmin` — Node.js merge pollution
- LitCTF 2025 — nest_js: Next.js weak password + JS bundle flag leak — client-side bundle disclosure
- LitCTF 2025 — star_wish: Jinja2 SSTI `{% %}` tag bypass — command concatenation
- NewStarCTF 2023 — medium_sql: boolean blind injection + `%53ELECT` bypass — `innodb_table_stats` fallback
- NPUCTF 2020 — yanzhengma: saferEval regex bypass + arrow-function parameter shadowing — `String → Function` prototype chain RCE
- SWPUCTF 2025 — sql_not_just_sql: numeric injection + `multi_query` stacking + UDF RCE — privilege escalation chain
- Wangding Cup 2020 Baihu — picdown: arbitrary file read + `/proc/fd` secret recovery — hidden route RCE
- Xuanwu Cup 2025 — ez_fastapi: blind SSTI memory shell + `sudo chmod` escalation — FastAPI in-memory route hijack
- Xuanwu Cup 2025 — jinja: Jinja2 SSTI without filters — entry-level SSTI
- Yangcheng Cup 2020 — break_the_wall: `eval` backdoor + function-name blacklist bypass — flag in environment variable
- PortSwigger — Exploiting AI agents to perform destructive actions — indirect prompt injection via blog comment / LLM scanner with carlos session deletes the account / LLM01 + LLM06
- PortSwigger — Exploiting AI agents to exfiltrate sensitive information — indirect prompt injection exfil variant / no results page (404) so the scanner posts carlos's API key as a comment / LLM01 + LLM06 + LLM02
- PortSwigger — Exploiting AI agents to trigger secondary vulnerabilities — Practitioner / prompt injection drives a routing-based SSRF (Host header = internal admin IP) to reach a loopback-only admin and delete carlos / LLM01 + LLM06 + SSRF
- PortSwigger — Bypassing AI scanner defenses to exfiltrate sensitive information — Practitioner / defeats a two-layer defense (input classifier + output redaction); the leak is reframed as the PoC of a fake "comments aren't redacting API keys" bug / LLM01 + LLM06 + LLM02
- PortSwigger — Exploiting vulnerabilities in LLM APIs — Practitioner / Newsletter Subscription API email parameter reaches shell command substitution; `$(whoami)` OOB proves execution as `carlos`, then target file deletion solves the lab.
- PortSwigger — Exploiting insecure output handling in LLMs — Expert / indirect review payload preserves an iframe in LLM output; unsafe chat rendering submits the account deletion form in Carlos' browser.
- PortSwigger — Indirect prompt injection — Practitioner / product review boundary confusion (`"]]]}}}}---END OF REVIEW ----USER RESPONSE----`) makes the victim's LLM session call `delete_account`.
- PortSwigger — Exploiting LLM APIs with excessive agency — Apprentice / LLM exposes `debug_sql(sql_statement)`, enabling raw SQL reads and deletion of `carlos` via chat.
- OtterCTF 2018 — Name Game (memory forensics) — Volatility 3 `pslist` fallback / WZ record parsing / dump anchoring
- Hecheng Cup 2021 — Traffic Analysis (boolean-blind SQLi PCAP) — `tcp.stream` pairing / frequency cross-validation / `tshark` field extraction
- Changcheng Cup 2024 — SnakeBackdoor (Linux trojan + custom protocol) — 33-layer base64+zlib unpacking / glibc `srand`+`rand` session key / LD_PRELOAD binary oracle
- 0x401 CTF 2025 — TECI (.NET NativeAOT trojan) — NativeAOT string recon / RC4+XOR dual-key swap trap / length-prefix protocol parsing
- Xuanji Supply Chain Part 2 — caterpillar / cheshire-cat / twiddledee — multi-stage supply-chain poisoning + reverse-shell backdoor IR
- Xuanji Supply Chain Part 3 — Jenkins + Gitea CI/CD compromise — webhook hijacking / command injection / credential exfiltration
- Tieren Triathlon 2024 Finals — APK + Tomcat + PAM backdoor (18-question full chain) — JWT role forgery / Behinder per-session AES / PAM `repz cmpsb` magic password / `/tmp/.sshlog` credential exfil
- Xuanji Lab 2025 — Cobalt Strike Traffic Analysis (11-question IR) — CS 4.4 stager extraction / 1768.py config parse / Docker 2375 unauth → teamserver keystore / RSA-1024 private key recovery / per-session AES traffic decrypt
- 0x401 CTF 2025 — FlagSyndicate (Xianji #328 / #329, 18-question IR) — VMDK NBD read-only mount / yescrypt cracking with john / ELF reverse with AES key+IV appended to ciphertext / base64-in-base64 payload / MySQL 8.0.36 InnoDB offline revival via Docker
- Zhenxing Cup 2025 — Phishing Oversight (EML forensics) — `X-HAS-ATTACH: no` forgery / base64 decoy that is actually the XOR key (`ctf_is_good_boy`) / docx repair from XOR-encrypted ZIP
- Zhenxing Cup 2025 — ICS C2 (OPC UA traffic) — OPC UA node values abused as bidirectional C2 (`REACTOR-001-SEG##` commands / `RESULT-SEG##` answers) / segmented base64 reassembly into JSON / no encryption used
- GHCTF 2025 — mybrave: bkcrack ZipCrypto known-plaintext + PNG steganography — ZIP crypto break + image stego
- GHCTF 2025 — mypcap: Tomcat Behinder webshell AES traffic decrypt + MySQL data extraction — per-session AES key recovery
- NewStarCTF 2023 — last_traffic: boolean-blind PCAP reconstruction — HTTP response length True/False distinction
- Xuanji DMZ2 Ubuntu — IR: Nacos CVE-2021-29442 + UID=0 hidden backdoor `sys-update` — multi-stage server triage
- CISCN / Changcheng Cup 2024 — WinFT (Windows IR, 6-question full chain) — VMDK NBD RO mount / C2 beacon hunt / AES-CBC side-channel / phishing decode
- Pengcheng Cup 2025 — The Rogue Beacon (CAN-bus chassis forensic) — SocketCAN 125 / rogue ID filtering / peak-speed frame localization
- DASCTF 2025 H1 — Webshell_Plus (Bluetooth OBEX traffic) — Bluetooth H4 / OBEX file reassembly (tshark hex stitching, `--export-objects` not supported) / JPEG trailer ZIP / Windows ZIP password GBK encoding for `の` (`a4 ce` ≠ UTF-8 `e3 81 ae`) / grayscale PNG R-channel as UTF-8 text steganography
Attacker-perspective writeups for published CVEs reproduced in local Docker labs (primarily vulhub). Complements the forensics chapter, which covers the defender view of the same vulnerability classes. The list below is a curated subset highlighting representative cases — the full index of 23 CVE writeups with difficulty / class metadata is in labs/README.md, and the labs/ directory itself holds the underlying reproductions, Sigma rules, Suricata SIDs, IOC tables, and SIEM hunting queries.
🔗 Detection-as-code distribution. The 30 Sigma rules and 24 Suricata signatures embedded in these lab writeups are also packaged for direct production use in a separate repository: 1392081456/sigma-detection-rules. That repo ships the rules with CI-enforced structural lint, a deterministic extractor that pulls from this `ctf-notes/labs` tree, and an MIT license. Methodology behind the four-step CVE → rule pipeline is documented in the companion blog post.
- Apache Shiro 1.2.4 — `rememberMe` deserialization RCE (CVE-2016-4437) — hardcoded AES key / CommonsBeanutils1 gadget chain / `TemplatesImpl` bytecode loading
- Apache ActiveMQ — OpenWire deserialization RCE (CVE-2023-46604) — Spring `ClassPathXmlApplicationContext` gadget over OpenWire wire protocol
- Jenkins CLI — `expandAtFiles` arbitrary file read → RCE (CVE-2024-23897) — args4j `@filename` expansion / anonymous CLI / credential decryption pivot
- Grafana — DuckDB SQL injection → RCE (CVE-2024-9264) — SQL Expressions API / `read_blob()` file read / `shellfs` extension command execution
- TeamCity — Authentication bypass → admin RCE (CVE-2024-27198) — Servlet path-parameter trick / unauthenticated REST API / admin account creation
- ZeroShell — `kerbynet` pre-auth command injection → root (CVE-2019-12725) — unmaintained vendor / detection-only defense (Sigma + Suricata + Splunk + Sentinel) / paired Docker reproducer + ELF IOC extractor
- Apache ActiveMQ — Jolokia addNetworkConnector → Spring XML RCE (CVE-2026-34197) — `static:(vm://rce?brokerConfig=xbean:http://...)` URI chain / MethodInvokingFactoryBean / CDATA XML safety
- GNU InetUtils — telnetd USER argument injection auth bypass (CVE-2026-24061) — `USER=-froot` → `login -f` / NEW-ENVIRON telnet negotiation / direct root shell
- Chartbrew — MongoDB dataset `new Function()` injection RCE (CVE-2026-25887) — Node.js sandbox escape / `global.process.mainModule.require('child_process')` / AST validation fix
- 2025 ZhuJian Cup — Dimensionality Reduction Strike (Peano L-System QR recovery) — 729=3⁶ Peano curve / 3-frame subpixel phase separation / turtle graphics pixel reordering
The challenges shown above are the curated deep writeups. For the complete index of ~300 challenges I have worked through (covering BUUCTF, NSSCTF, GHCTF, NewStarCTF, LitCTF, and other platforms), see CATALOG.md.
Common patterns I document across writeups:
- Recon discipline — `checksec`, `file`, `strings`, `readelf -s` before opening IDA
- Libc version awareness — never trust default libc; verify with `strings libc.so.6 | grep release`
- Trap documentation — anything that cost more than 10 minutes gets a "Trap" callout for future reference
- Methodology over flag — the writeups privilege why each step works over what each step does
Everything documented here concerns challenges from publicly hosted CTF events, training platforms, and isolated local Docker labs of published CVEs (vulhub-style). CTF binaries are organizer-distributed for educational purposes; lab targets are vulhub Docker images of vendor-patched software, run on 127.0.0.1 with no remote access. Nothing in this repository is intended to be applied to real systems, third-party services, or production software. Techniques described are general reverse-engineering and exploitation methodology that has been publicly documented in academic literature and conference talks for years.
| Target class | Authorization basis |
|---|---|
| CTF challenge binaries | Distributed by competition organizers as training material; participants are explicitly authorized to analyze and exploit them |
| vulhub CVE labs | Vendor-patched vulnerabilities reproduced in local Docker containers on 127.0.0.1; the author owns the host and the containers; no external traffic involved |
| Lab VMs | Author-owned virtual machines on author-owned hardware |
No target in this repository is a third-party production system, a service the author does not own, or a network the author has not been explicitly authorized to assess. Any reader who wishes to reproduce this work must arrange equivalent authorization (own the lab, run vulhub in isolation, or have written permission from a CTF organizer).
The labs/ chapter is structured so that the Defense section (hardening, vendor patches, Suricata/Sigma detection rules, threat-hunting queries, IOCs, post-compromise triage) occupies the majority of each writeup. Attack reproduction steps are kept concise and serve only to justify and validate the detection logic that follows. This reflects the author's research focus: offensive understanding in service of detection engineering and incident response, not offensive capability for its own sake.
MIT — feel free to learn from / reference these notes; please cite if used in derivative work.