Hello, this is the third episode of the Maldev Series and today we’re gonna talk about payload obfuscation. So we’ve gained a fundamental understanding of payload encryption. Obfuscation is anothe...

Introduction After completing Dante, I jumped straight into Zephyr, the final prolab needed for my CPTS certification. This prolab was intense and definitely stepped up the difficulty from Dante....

A Note on ECW and Fair Play I need to address something that left a bitter taste after this competition. While the technical challenges at ECW were interesting and well-designed, I was extremely d...

Hello guys, this is the episode 2 of the maldev series. Today we are evading Windows Defender, already. Why starting at the middle? In this episode I will assume that you read the first one. So...

GroupOffice Remote Code Execution Vulnerability Report Executive Summary A critical Remote Code Execution (RCE) vulnerability has been discovered in GroupOffice that allows authenticated users wi...

Hello everyone, I hope you’re doing well. This is the first article in this Maldev series. My journey I’m currently doing a master degree in cybersecurity at Oteria (Paris), and there was an opt...

Introduction Long time no see, I was working on the CPTS and this prolab. So this prolab was a lot of fun and headaches. Flex time So many reviews I won’t provide a detailed review, plenty of...

Introduction We are given a PE file: Click here to download it: Oscur.exe Initial Analysis Let’s start by analyzing the main function: There’s a bunch of puts and sleep calls that aren’t ver...

Introduction The Sublocku challenge shows how Sudoku validation works on the Ethereum blockchain. This challenge mixes blockchain development, storage handling, and puzzle-solving code. What makes...

Looking at the Contract Let’s check out this smart contract challenge. The contract uses Solidity version 0.8.26, which means it has built-in safety features that prevent overflows and handle erro...