Having had the chance to participate in Hackthebox’s 2023 Cyber Apocalypse CTF event, I saw it fit to make a writeup for the challenges I managed to solve and explain the pitfalls encountered along the way.

Jumping over to the Web Exploitation category for a change

In which I continue through the General Skills section of picoCTF

The challenge

The “Stonks” challenge from picoCTF2021 presents us with a binary epxloitation excercise, we are supposed to connect via netcat to an address presented to us as nc mercury.picoctf.net 53437 and we have a downloadable file titled vuln.c.

What is picoCTF? (from official website)

picoCTF is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts at Carnegie Mellon University.

The following are my writeups on the first few “General Skills” challenges.

Please note, some information may be altered to preserve project confidentiality.

How it all started

At around the middle point of 2022, our team got instructed by a subject matter expert on how to design and conduct a performance test, this included the use of the tool k6 and Grafana as an observability platform for our metric dashboards.

Which was all well and good, assuming we’d get to use it.

Introduction

Just trying to get Hugo all set up

Main point of the blog will hopefully be security writeups, general learnings and mostly technical writings, I don’t expect it to blow up on hackernews or anything.