DLL Hijacking in Installers generated by Squirrel.Windows (CVE-2022-46330)
While bug hunting, I stumbled upon an open source repository which had been the cause of several of my bug bounty reports. This post goes into the details.
Read More
Synthesia Denial of Service due to Improper Path Handling (CVE-2021-33897)
I tried to reverse engineer my favourite piano application and discovered a weird interaction which leads to a persistent crash. As the developer is still working on the patch, I will not disclose any exploit details for now.
Read More
zer0pts CTF 2022 Writeup
I debated doing a writeup for this since I only worked on the easiest web challenge with my team, but since this blog needed an update I am publishing it. I solved miniblog++ after the CTF as a teammate solved it during it.
Read More
TP-Link TL-WR802N V4(JP) Command Injection Exploit (CVE-2021-4144)
I got some leftover giftcards from coming in second in the Japan Chess Sunday Cup Grand Prix and used all of them to purchase routers; this is one of the CVEs I got! Unlike my previous CVE-2020-35576, this vulnerability is present on the latest hardware of the router so I will not be disclosing the exploit details for now.
Read More
TISC 2021 Writeup
Very short TISC writeup as I only did up to level 2 out of 10. The lower levels were all steganography challenges which discouraged me from continuing. Writeup for level 2 may be added at a later date, but it is basically a DNS exfiltration challenge where you have to decode something in the subdomains to get the flag.
Read More
HTB Busines CTF 2021 Writeup
I solved 3 web challenges alone within 3 hours of starting the CTF. Was the Captain of our company team PwnWithClass, made up of members from Japan, Spain and France. Also worked on the last web challenge and the only misc challenge with a teammate.
Read More