/tags/ctf/Recent content in CTF on THALIUMHugoen-usCopyright (c) 2026, all rights reserved.Tue, 07 Nov 2023 12:00:00 +0100/posts/ecw-2023-centralized-memory-write-up/Tue, 07 Nov 2023 12:00:00 +0100/posts/ecw-2023-centralized-memory-write-up/<strong>Centralized Memory</strong> was a hard Linux pwn challenge created for the European Cyber Week CTF 2023 qualifiers. This write-up covers the intended method of exploitation through a race condition, an AES padding bug and a stack overflow./posts/ecw-2023-kaleidoscope-write-up/Tue, 07 Nov 2023 12:00:00 +0100/posts/ecw-2023-kaleidoscope-write-up/<strong>kaleidoscope</strong> was a hard reverse engineering challenge created for the European Cyber Week CTF 2023 qualifiers, with a focus on Windows-specific mechanisms and VM-based obfuscation./posts/ecw-2023-the-calculator-in-shadow-write-up/Tue, 07 Nov 2023 12:00:00 +0100/posts/ecw-2023-the-calculator-in-shadow-write-up/<strong>The Calculator in Shadow</strong> was a hard pwn challenge created for the European Cyber Week CTF 2023 qualifiers. It included exploiting a RISC-V calculator running on top of a customized QEMU that featured a poorly implemented shadow stack./posts/ecw2021-writeup/Mon, 25 Oct 2021 12:00:01 +0100/posts/ecw2021-writeup/<p>For the <a href="https://www.european-cyber-week.eu/">European Cyber Week</a> CTF 2021 Thalium created some challenges in our core competencies: reverse and exploitation. This blog post presents some of the write-ups:</p> <ul> <li><a href="#chest">Chest (36 solve) - reverse</a></li> <li><a href="#fsb-as-a-service">FSB as a service (3 solve) - exploitation</a></li> <li><a href="#wysiwyg">WYSIWYG (3 solve) - reverse</a></li> <li>Pipe Dream (1 solve) - reverse <ul> <li>the author posted his solution on <a href="https://face.0xff.re/posts/ecw-ctf-2021-pipe-dream-writeup/">his personal blog</a></li> </ul> </li> </ul> <p>Thalium&rsquo;s challenges have been less resolved than others. They were not that difficult, but probably a bit more unexpected. A few additional challenges designed by Thalium are:</p>/posts/apocalypse2021-artillery/Wed, 28 Apr 2021 12:00:04 +0100/posts/apocalypse2021-artillery/<p><strong>Artillery</strong> was a web challenge of the Cyber Apocalypse 2021 CTF organized by HackTheBox. We were given the source code of the server to help us solve the challenge. This challenge was a nice opportunity to learn more about <strong>XXE</strong> vulnerabilities.</p>/posts/apocalypse2021-discovery/Wed, 28 Apr 2021 12:00:03 +0100/posts/apocalypse2021-discovery/<p>One of the least solved challenges, yet probably not the most difficult one. It is a Hardware challenge, though it is significantly different from the other challenges of this category. The first thing to spot is that when starting the challenge machine, we have access to two network services:</p> <ul> <li>an HTTP server, requesting an authentication</li> <li>an AMQP broker, <code>rabbitmq</code></li> </ul>/posts/apocalypse2021-off-the-grid/Wed, 28 Apr 2021 12:00:02 +0100/posts/apocalypse2021-off-the-grid/<p><strong>Off-the-grid</strong> was the 4th hardware challenge of the Cyber Apocalypse 2021 CTF organized by HackTheBox. We were given an <a href="/posts/misc/off-the-grid/off_the_grid.sal">Saleae trace</a> and schematics to analyse. Thalium was one of the very first of 99 players to complete it.</p>/posts/apocalypse2021-wii-phit/Wed, 28 Apr 2021 12:00:01 +0100/posts/apocalypse2021-wii-phit/<p><strong>Wii-Phit</strong> was the only <em>Hard</em> crypto challenge designed by <a href="https://cryptohack.org/">CryptoHack</a> for the <a href="https://www.hackthebox.eu/cyber-apocalypse-ctf-2021">Cyber Apocalypse 2021</a> CTF (there were also 4 challenges categorized as <em>Insane</em> though).</p> <p>There is already an excellent <a href="https://blog.cryptohack.org/cyber-apocalypse-2021#wii-phit">writeup</a> by the challenge organizers: one could recognize a well known equation related to the <a href="https://en.wikipedia.org/wiki/Erd%C5%91s%E2%80%93Straus_conjecture">Erdős–Straus conjecture</a>, some participants used <a href="https://github.com/Z3Prover/z3">Z3</a>. We took a different approach.</p>/posts/apocalypse2021-pwn/Wed, 28 Apr 2021 12:00:00 +0100/posts/apocalypse2021-pwn/<p>Thalium participated in the <a href="https://www.hackthebox.eu/cyber-apocalypse-ctf-2021">Cyber Apocalypse 2021</a> CTF organized last week by <a href="https://www.hackthebox.eu/">HackTheBox</a>. It was a great success with 4,740 teams composed of around 10,000 hackers from all over the world. Our team finished in fifth place and solved sixty out of the sixty-two challenges:</p> <p> <a href="/posts/img/Cyber_Apocalypse_2021-scoreboard.png" target="_blank"> <img src="/posts/img/Cyber_Apocalypse_2021-scoreboard.png" alt="fig_scoreboard"> </a> </p> <p>This article explains how we solved each pwn challenge and what tools we used, it is written to be accessible to beginners:</p>