<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Posts on 0x0d1n&#39;s Blog</title>
    <link>https://kevinschmidt.ch/posts/</link>
    <description>Recent content in Posts on 0x0d1n&#39;s Blog</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <copyright>0x0d1n</copyright>
    <lastBuildDate>Sun, 28 Dec 2025 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://kevinschmidt.ch/posts/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>[CTF] Root-Me Xmas 2025 - Web - Confusion among the Elves</title>
      <link>https://kevinschmidt.ch/posts/5/</link>
      <pubDate>Sun, 28 Dec 2025 00:00:00 +0000</pubDate>
      <guid>https://kevinschmidt.ch/posts/5/</guid>
      <description>&lt;p&gt;The challenge is based on &lt;a href=&#34;https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610&#34;&gt;https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610&lt;/a&gt;, which introduced a new kind of attack called &lt;strong&gt;Dependency Confusion&lt;/strong&gt;.&lt;/p&gt;&#xA;&lt;p&gt;Fun fact: during day 1 of this challenge, when everyone started trying it, we were flagged by &amp;ldquo;automated security systems&amp;rdquo; as a threat actor. As a result, the challenge creator had to switch to local settings. More information: &lt;a href=&#34;https://panther.com/blog/elf-on-a-(npm)-shelf&#34;&gt;https://panther.com/blog/elf-on-a-(npm)-shelf&lt;/a&gt;&lt;/p&gt;&#xA;&lt;h2 id=&#34;challenge-description&#34;&gt;Challenge Description&lt;/h2&gt;&#xA;&lt;p&gt;Every winter, the elves’ factory relies on a massive statistics system to optimize gift production. Everything was running smoothly… until &lt;em&gt;DevSecOops&lt;/em&gt; the elf spilled his eggnog all over his laptop. Disaster: &lt;strong&gt;he lost the only access to the production server&lt;/strong&gt;, which contains the one and only copy of Santa’s List!&lt;br&gt;&#xA;From his… let’s say “foggy” memory, the file should be somewhere inside the &lt;strong&gt;/opt/ directory&lt;/strong&gt;.&lt;br&gt;&#xA;Time is running out: without the list, there’s no way to finish production before the big day.&lt;br&gt;&#xA;&lt;strong&gt;Your mission? Find a way to recover the list by accessing the production server!&lt;/strong&gt;&lt;br&gt;&#xA;Save Christmas… and DevSecOops’ already fragile reputation!&lt;br&gt;&#xA;(Remember to clean up any files you create for this challenge—especially on external services—to avoid any hypothetical issues with your accounts.)&lt;/p&gt;</description>
    </item>
    <item>
      <title>[Game Hacking] Gandalf - AI vs AI via LLM fuzzer</title>
      <link>https://kevinschmidt.ch/posts/4/</link>
      <pubDate>Wed, 28 Feb 2024 00:00:00 +0000</pubDate>
      <guid>https://kevinschmidt.ch/posts/4/</guid>
      <description>&lt;p&gt;Last week, Microsoft released their &lt;a href=&#34;https://www.microsoft.com/en-us/security/blog/2024/02/22/announcing-microsofts-open-automation-framework-to-red-team-generative-ai-systems/&#34;&gt;framework&lt;/a&gt; for securing their generative AI systems, called PyRIT. This announcement made me realize that I had never really thought about the future of cybersecurity, which will probably involve testing these kinds of systems. Sure, I had played around with ChatGPT and tried a few prompt injection attacks (as everyone did in the beginning) but I had never looked more closely at all the possible vulnerabilities associated with these types of systems. So I figured I should take a deeper look at it.&lt;/p&gt;</description>
    </item>
    <item>
      <title>[Game Hacking] JumpKing - Patching .NET MonoGame</title>
      <link>https://kevinschmidt.ch/posts/3/</link>
      <pubDate>Mon, 07 Nov 2022 00:00:00 +0000</pubDate>
      <guid>https://kevinschmidt.ch/posts/3/</guid>
      <description>&lt;p&gt;Since I like to play video games in my free time, I wondered why not start hacking them for fun and profit (knowledge). In this quest for knowledge, the first step was to start with something easy. So I decided to go for a single-player game, which would be simple to understand and easy to play (little user intervention). That’s why I chose JumpKing. As you can see in the following video, the game is quite easy to understand and play (left, right &amp;amp; jump) but still requires a lot of time to finish, as it has a lot of layers (levels) that evolve in complexity the more you advance, making the game still difficult to beat.&lt;/p&gt;</description>
    </item>
    <item>
      <title>[Random] Reverse Shell &amp; TTY Upgrade</title>
      <link>https://kevinschmidt.ch/posts/2/</link>
      <pubDate>Thu, 20 May 2021 00:00:00 +0000</pubDate>
      <guid>https://kevinschmidt.ch/posts/2/</guid>
      <description>&lt;h2 id=&#34;reverse-shell&#34;&gt;Reverse shell&lt;/h2&gt;&#xA;&lt;p&gt;A reverse shell gives a user a foothold in the network of an already compromised target through a remote shell session. The target initiates a connection to the attacker’s workstation, which is already listening for it on a specific port (often a port higher than 1024). The connection establishes a shell session between the attacker and the target, allowing the attacker to send commands to the target and retrieve their results as in a normal shell.&lt;/p&gt;</description>
    </item>
    <item>
      <title>[Certification] OSCP – Buffer overflow</title>
      <link>https://kevinschmidt.ch/posts/1/</link>
      <pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
      <guid>https://kevinschmidt.ch/posts/1/</guid>
      <description>Presentation of the Buffer Overflow Vulnerability as it is presented in the course</description>
    </item>
  </channel>
</rss>
