Solving CSCBE's webchallenges

Belgian cyber security challenge

A while ago I participated in the so called Belgian cyber security challenge which offers a CTF full of realistic cyber security challenges. In this blog post I describe how I solved two of the hardest ( and most realistic ) web challenges this CTF had to offer.

Flaw in facebook text authentication leads to account hijacking

At the end of 2015 I got serious about bug bounty and set myself this goal of getting into the wall of fame of the “big four”: Apple, Microsoft, Google and Facebook. Facebook was a though nut to crack but I managed to find a little bug in their text action authentication mechanism which landed me a spot on that precious hacker wall of fame.

Stored XSS in iCloud docs authentication form

Belgian cyber security challenge

A while ago I participated in the so called Belgian cyber security challenge which offers a CTF full of realistic cyber security challenges. In this blog post I describe how I solved two of the hardest ( and most realistic ) web challenges this CTF had to offer.

Remote code execution on Microsoft education

Belgian cyber security challenge

A while ago I participated in the so called Belgian cyber security challenge which offers a CTF full of realistic cyber security challenges. In this blog post I describe how I solved two of the hardest ( and most realistic ) web challenges this CTF had to offer.