Mal Breaks Things
And sometimes fixes them
Long Distance 2
Long Distance 2
· ☕ 13 min read

This weekend I participated in the Real World CTF with WreckTheLine. Unlike many other CTFs, these challenges were all based on real applications and systems. It’s interesting being able to use (and gain) domain knowledge, and while contrived challenges are fun, exploiting a system that exists in the real world – on the real internet – is another level of engagement.

Hacker's Playground: Legonigma
Hacker's Playground: Legonigma
· ☕ 7 min read

I recently participated in Samsung’s Hacker’s Playground CTF with Wreck The Line. We finished with 1592 points, in 26th place of 1075 teams. Most of my time was spent on Legonigma, an interesting 500 point challenge based on two renders of a Lego cryptography gadget.

1Password's Privacy Surprises
1Password's Privacy Surprises
· ☕ 10 min read
Design problems with 1Password may allow schools and workplaces to see what sites users have in their vaults, and allows family organizers to grant themselves access to secondary vaults.
ImaginaryCTF 2021
ImaginaryCTF 2021
· ☕ 12 min read
This weekend I participated in ImaginaryCTF 2021 with WreckTheLine. We finished third out of 1018 entrants, the final team to complete all 55 challenges and hit 11330 points, missing second place by 3.5 minutes. Here are my writeups for System Hardening 5 and New Technology.
Minimally-Invasive Smart Outlet Surgery
Minimally-Invasive Smart Outlet Surgery
· ☕ 6 min read

I have several EFUN SH331W smart outlets for controlling various lights. They’re based on a whitelabel ESP8266 design by Tuya, so I usually use tuya-convert to flash them with Tasmota so I can control them with MQTT. Unfortunately tuya-convert is a rather tedious and error-prone process, and recently I managed to soft-brick one.