Write-up 🔥”Counter Strike: Squirrel Offensive” – ALLES! CTF 2021

September 6, 2021

This challenge involves an old version of CS:GO VScript, which is vulnerable to a UAF bug and a type confusion bug. UAF by resizing array in sort compare function The sort function of squirrel array is array_sort in sqbaselib.cpp, which will call _qsort: The r index passed into _qsort is fixed at the beginning, so by abusing array.resize in compare function, we can retrieve dangling reference […]

Web Application Firewall Exploit: If you cannot protect yourself, who can you protect?

May 12, 2020

Hi guys,As my previous article about web application firewall (WAF) bypass / exploit series, today I will write my experience when exploit another popular WAF from a local vendor in Vietnam which also has a bug bounty platform, this is the first time I reported a vulnerability to a bug bounty platform in Vietnam. However, […]

MeePwnCTF2017 TooManyCrypto Writeup

April 18, 2020

Setup challenge from https://github.com/tsug0d/MyAwesomeWebChallenge/

Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability

March 31, 2020

Hi guys, long time no write.As some previous articles in my blog only focus on CTF writeups, so in this time and maybe the next time, I want to write another topic about my research also doing bug bounty hunter.So as the topic name above, in this time I will write about my experience when […]

SVATTT2019 Pentest Writeup

February 26, 2020

Setup challenge from https://github.com/tsug0d/MyAwesomeWebChallenge/

SVATTT2019 HackEmAll Writeup

February 9, 2020

Setup challenge from https://github.com/tsug0d/MyAwesomeWebChallenge/