Profile cover photo
Profile photo
Gynvael Coldwind
Security Researcher
Security Researcher

Gynvael's posts

Post has attachment
0CTF 2017 - UploadCenter (PWN 523)
Welcome to another Menu Chall right~ Here you can use any function as you wish No more words , Let't begin 1 :) Fill your information 2 :) Upload and parse File 3 :) Show File info 4 :) Delete File 5 :) Commit task 6 :) Monitor File UploadCenter was a small...

Post has attachment
0CTF 2017 - complicated xss (web 177)
Complicated xss was a client-side web security task revolving around, well, XSSes. At the very start you were handed a way to XSS the admin (limited by proof of work) and the location of the flag - And well, all you knew. I ...

Post has attachment
0CTF 2017 - EasiestPrintf (PWN 150)
The task, as the name implies, was a rather basic (at first glance - there was a plot twist) format string bug in a short 32-bit Debian application. The initial description of the task was: --- Warm UP! A traditional Format String Attack. 1232...

Post has attachment
0CTF 2017 - char (shellcoding 132)
The code in the "char" task was rather simple - you get to send in 2400 bytes of input (using scanf 's "%2400s", so no whitechars allowed), then the input gets checked whether there are any non-ASCII characters (also excluding all control characters like ne...

Post has attachment
EKOPARTY CTF 2016 - Malware sample (RE 400)
In short, the reversing category 400 pts challenge was a journey starting with negligible x86-64 boilerplate code, leading through a somewhat obfuscated AutoIt script, and back to a small x86-64 shellcode with a small surprise. It wasn't hard in the end, bu...

Post has attachment
The FBI category is something new that I personally have not seen on a CTF (though in all honesty I did have a rather long break). An FBI task usually is about a service (or server) with a known address in one of the darknet areas of Internet (think: TOR or...

Post has attachment
CONFidence CTF 2016 task solution slides
The CONFidence CTF 2016  is over and therefore it is time for a short summary. Let's start with congratulating once again the top three teams who took home the prizes: Tasteless (2700 pts) p4 (2250 pts) 9447  (1900 pts) Well done, well played! The full scor...

Post has shared content
Last year (in June), I had the honour to present at Area41 with +Gynvael Coldwind on schizophrenic files. (this is my first talk specifically focused on this topic)


Post has attachment
#TIL  I always thought Norton Commander (1986) was the first double-pane+command-line file manager and it set the de facto standard for such file managers.
It seems that it's not the case - two years before, in 1984, an app called PathMinder was published. It looked like this (random links from google images): *

Furthermore, the name for the double-pane+command-line-type file managers is OFM - "Orthodox File Managers", and there even seems to be a standard for this:

Huh, the more you know ;)

* - worth adding the link to the site as well -

Post has attachment
CONFidence CTF 2015 - Slides explaining the tasks
Our CTF in Kraków ended today - big "Thanks!" goes to each and every team and player that participated, we hope you had fun :). After 27 hours of playing and quite a lot of shuffling going up all around the scoreboard, the winners were decided: 1. MSLC 2. H...
Wait while more posts are being loaded