While bug hunting, I stumbled upon an open source repository which had been the cause of several of my bug bounty reports. This post goes into the details.

I tried to reverse engineer my favourite piano application and discovered a weird interaction which leads to a persistent crash. As the developer is still working on the patch, I will not disclose any exploit details for now.

I debated doing a writeup for this since I only worked on the easiest web challenge with my team, but since this blog needed an update I am publishing it. I solved miniblog++ after the CTF as a teammate solved it during it.

I got some leftover giftcards from coming in second in the Japan Chess Sunday Cup Grand Prix and used all of them to purchase routers; this is one of the CVEs I got! Unlike my previous CVE-2020-35576, this vulnerability is present on the latest hardware of the router so I will not be disclosing the exploit details for now.

Very short TISC writeup as I only did up to level 2 out of 10. The lower levels were all steganography challenges which discouraged me from continuing. Writeup for level 2 may be added at a later date, but it is basically a DNS exfiltration challenge where you have to decode something in the subdomains to get the flag.

I solved 3 web challenges alone within 3 hours of starting the CTF. Was the Captain of our company team PwnWithClass, made up of members from Japan, Spain and France. Also worked on the last web challenge and the only misc challenge with a teammate.