splitline ๐๏ธ๐โโฌ me-retweet
splitline ๐๏ธ๐โโฌ
338 posts
splitline ๐๏ธ๐โโฌ
@_splitline_
@D3VC0R3 / CTF with ${cYsTiCk} / ๅๆฐๅ / Tai-gi, zh-TW, en-US, es-PY / ๐โโฌ
Tsu-lรด-Kuฤn, Tรขi-uรขn Bergabung Temmuz 2019
592 Mengikuti1.4K Pengikut
splitline ๐๏ธ๐โโฌ me-retweet
What Iโve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with n-day for a XSS challenge, it didn't matter.
I totally get the frustration of AI, but there is no solution other than accepting the change.
siunam@siunam321
I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing ๐ฅฒ
English
splitline ๐๏ธ๐โโฌ me-retweet
splitline ๐๏ธ๐โโฌ me-retweet
splitline ๐๏ธ๐โโฌ me-retweet
A bit late, but I just published my blog post on bypassing Ubuntuโs sandbox! Hope you enjoy it!
u1f383.github.io/linux/2025/06/โฆ
English
splitline ๐๏ธ๐โโฌ me-retweet
The blog post is the full version of my talk at 38c3.
It's about some vulnerabilities we found in libarchive and some interesting behaviors of libarchive that you don't want to miss.
My favorite part is it only took us 56 seconds to trigger a crash by AFL++.
DEVCORE@d3vc0r3
Our latest deep dive explores libarchive vulnerabilities under recent Windows 11 updates. ๐๐ Check out NiNi's (@terrynini38514) technical write-up for key insights and security implications. Read more here: devco.re/blog/2025/02/1โฆ #VulnerabilityResearch #Cybersecurity
English
splitline ๐๏ธ๐โโฌ me-retweet
@dicegangctf @strellic This is just a rumor to make themselves feel better, CTFers doesn't have life and probably all single
English
splitline ๐๏ธ๐โโฌ me-retweet
๐คCongrats Orange(@orange_8361) and Splitline(@_splitline_) on making it to 2024 Top 10 Web Hacking Techniques!
Check out their groundbreaking research: portswigger.net/research/top-1โฆ
English
I will drop one web challenge there ๐โโฌ
ASIS-CTF@ASIS_CTF
๐จ Brace yourselves, hackers! ๐จ The #ASIS #CTF Finals 2024 are coming on December 28th! ๐ฅ 24 hours of non-stop hacking with mind-bending challenges that will push your limits. ๐ง Prepare for a thrilling ride - this is gonna be epic! #ASISCTF #CTF #Hacking
English
@TalBeerySec @orange_8361 @BlackHatEvents I read that before, it was quite interesting!
Youโre right. Unicode normalization has always been a security concern, but I wouldnโt call it the core issue here. For me the root cause is still โBest-fitโ. Unicode normalization is more of a broad bug category, like โinjectionโ
English
@orange_8361 @BlackHatEvents @_splitline_ Do you know this work presented by Microsoft's Jonathan Birch @BlackHatEvents 2019?
i.blackhat.com/USA-19/Thursdaโฆ
Seems like the same(?) core issue applied to a different attack surface
English
Our talk at #BHEU is done! Hope you all enjoyed it. ๐ A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides!
Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! ๐โ
English
Our hackathon for that website Worst.Fit was done successfully ๐ฅฐ
Orange Tsai ๐@orange_8361
Our talk at #BHEU is done! Hope you all enjoyed it. ๐ A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! ๐โ
English
Cool findings ๐โโฌ
Orange Tsai ๐@orange_8361
Remember CVE-2024-4577, the PHP-CGI RCE bypass? Actually, the Best-Fit 'feature' also impacts non-CJK codepages such as locales in the Americas, Western Europe, Oceania, and more! @_splitline_ and I will share these cool findings at @BlackHatEvents! ๐ฅ Let's make argument injection great again! ๐ #worstfit-unveiling-hidden-transformers-in-windows-ansi-42637" target="_blank" rel="nofollow noopener">blackhat.com/eu-24/briefingโฆ
English
splitline ๐๏ธ๐โโฌ me-retweet
Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year.
Check it out: devco.re/blog/2024/08/2โฆ
English
I made one harder challenge ๐โโฌ
wargame.d3vc0r3.tw
Cyku@cyku_tw
I've prepared 3 easy wargame challenges for HITCON CMT 2024 event, plus my coworker's challenge for a total of 7 challenges. I hope everyone enjoys them๐ฅณ
English
splitline ๐๏ธ๐โโฌ me-retweet
I created a Linux Kernel challenge โHalloweenโ for the HITCON CTF Qual 2024 :). Below are the official writeup for โHalloweenโ and the unofficial writeups for "v8sbx" and "reEscape". Enjoy it!
Halloween & v8sbx: u1f383.github.io/ctf/2024/07/16โฆ
reEscape: u1f383.github.io/ctf/2024/07/18โฆ
English
splitline ๐๏ธ๐โโฌ me-retweet
PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! ๐ฅ
blog.orange.tw/2024/06/cve-20โฆ
English
splitline ๐๏ธ๐โโฌ me-retweet
๐ ACSC CTF 2024 has been started! ๐ Have fun and happy hacking! ๐ฅ๏ธ๐ป๐
#ACSCCTF2024 #CTF #icc #ic3game
English
๐ฑ
Asian Cyber Security Challenge (ACSC)@acsc_asia
๐ ACSC 2024 registration is LIVE! ๐ Gear up for the cyber showdown on Mar 30-31. Top 15 CTF players could represent Asia in Chile! ๐ ๐ Register: score.2024.ctf.acsc.asia More details โ acsc.asia #ACSC2024 #CyberSecurity #CTF #ACSC2024
ART