Security - vovo
I have participated in various CTFs as part of the (now defunct) Hypnosec team and also on occasion attempt to break other things.
Acknowledgements
Grok Learning
- /var/tmp within the sandbox chroot was world-writable, where files would persist on disk on the server your program was run on.
- It was possible to trick a user into logging out of Grok Learning by making their browser send a GET request to /logout/.
- API responses for submissions that failed a test case always contained expected and actual output, even if this data was meant to be hidden from the user.
- Due to a design flaw in the automarker, specially crafted output could cause a persistent XSS.
CTFs
2018
- HashBang CTF (SUITS + UNSW SecSoc)
Helped run and write a CTF as part of a collaboration between the Sydney University IT Society and UNSW Security Society.
2013
- UNSW CTF
The birth of Hypnosec. We placed 4th overall (2nd amongst high schools).
PGP key
Looking for my PGP key? You can find a copy of 6BAC A624 AA74 167A E017 0FA2 5366 8CDD 5A90 8882 here, on the usual keyservers, and/or on Keybase.
Matrix master signing key
Find a PGP signed document at /matrix.asc.