How I Do My CTF Writeups

I’ve been playing a lot of CTFs this summer. My goal was obviously to brush up on my offensive security skills, but also to practice doing security writeups. I wanted to post the writeups on my blog and publish them as PDFs. Writing the whole thing in a document editor is miserable, I hate using document editors. Then doing the whole thing again as a blog post just means even more work. So, here’s the workflow I developed this summer to do my writeups once using markdown, and easily publish in both formats.

More …

Lunchtime PHP Deobfuscation

I came across the bit of code posted below today while browsing Stack Overflow. The user who posted the question was asking what this bit of code actually did. He was aware that it was malicious due to the fact that it was on his server without his knowledge, and obfuscated. Unfortunately the question was marked as off topic, “Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic”.

More …

I'm Not Flattered - Plagiarism

At the moment my blog doesn’t have all that many posts on it, and I really don’t consider myself a serious blogger. I write when I feel like it, and in whatever tone I’m feeling like writing in at the moment. Odd as it may seem, I’m not normally writing with the intent of being read. This doesn’t mean that I don’t care when people read my articles. It’s especially good to receive comments and engage in discussion, but I’m not motivated to find as many readers as possible. I seldom share links to my blog posts on other sites, I simply write posts and visitors find them on search engines, or don’t find them at all.

More …