Down to the Wire

Real World CTF RWDN: An Unnecessary Bug

Although I ended up not spending much time on this year’s RWCTF, I did (with the help of my awesome teammates) solve one problem: RWDN. The intended solution involved a bug in one of their middleware handlers that was designed incorrectly and allowed attackers to bypass a crucial check. However, I found that there was an alternate bypass that would have worked even if their code was correct. Let’s discuss what the bug is, and why it could be a problem for “real world” applications.

Hacking from the Pool: A DEF CON 2021 Retrospective

Much like the rest of the world, DEF CON CTF returned this year in a hybrid online/in-person format. For those who wanted it, space was reserved on the game floor to hack amidst the other teams that came to Vegas. For the rest of us who were still a bit nervous about large crowds, the infrastructure would be hosted online and accessible from anywhere in the world. Torn between the two choices, we opted this year for a middle ground: all of us together, but in a house 300 miles away.

Kill the Lights: Taking Control of Digital Privacy

A few months ago I installed the latest Android beta, excited by its new design language. Three days later I had to uninstall it when I got stranded at the grocery store thanks to the Uber app crashing. However, in that short time I benefitted from another new feature (that iPhone users already enjoy) wherein the OS would notify me when an app used the clipboard. Excited by this, I took the same ideas and ported them to Chrome via an open source extension called Kill Switch.