11 minute read – posted on April 13, 2025 by Zack Orndorff
Overview
I had a great time playing quals this year with Shellphish. I usually try to write full-length stories for my writeups (see my blog archives for a few), but this one will be a bit less complete for time reasons.
Challenge description
Are you hearing what I’m hearing?
HOST: echoid-7xf5f2sbdofl6.shellweplayaga.me
PORT: 1337
Files:
echoid
fingerprints.db
$ nc echoid-7xf5f2sbdofl6.shellweplayaga.me 1337
Ticket please: ticket{redacted}
Send us your song to be identified
asdf
ERROR: Invalid input size: 1717859169
17 minute read – posted on August 6, 2022 by Zack Orndorff
This year was Samurai’s third time playing Hack A Sat’s (HAS) quals round. The first time we played, we qualified for finals. Year 2, we didn’t qualify. So this year we were hoping to qualify again. I personally wasn’t super involved in the first year, and only a bit involved last year (I don’t think the weekends lined up super great for me), but I was interested to take a shot at it this year and hopefully qualify! Blazin’ Etudes was the third of a series of microblaze reversing challenges, released on the last day of the competition (Sunday).
16 minute read – posted on May 3, 2021 by Zack Orndorff
This weekend, Samurai played the DEF CON CTF Qualifier event. We had a great time playing; much thanks to the organizers for putting on a great event! Many thanks to my teammates, it was awesome playing with you all! One of the challenges this weekend was called baby-a-fallen-lap-ray. It was categorized as a pwn challenge, and it made a comment about being ‘the return of the parallel machine (or is it?)’.
9 minute read – posted on November 13, 2018 by Zack Orndorff
I had the opportunity to compete in the CSAW CTF Finals 2018 for a second year in a row, with the UMBC Cyber Dawgs. It was a lot of fun, despite our somewhat lackluster finish in 10th place. I learned a lot. For instance, in this challenge, I learned how to exploit a Use-After-Free vulnerability (in WebAssembly no doubt!).
4 minute read – posted on November 15, 2017 by Zack Orndorff
I recently had the opportunity to compete in the CSAW CTF Finals with the UMBC Cyber Dawgs. It was an amazing competition; the organizers were awesome and did a great job. We placed 7th in North America, by the way :) If you’ve never heard of CSAW before, it’s a huge student-run security conference/competition. We played in the CTF, or capture-the-flag competition. I would consider one of the best undergraduate-level CTF competitions. CSAW CTF is a jeopardy style competition in which you have a board of challenges, and you get points for solving them. You solve the challenge by hacking at it until it gives you a flag of the form flag{th1s_i5_a_f1@g}, which you enter into the scoreboard to receive points. Team with the most points wins.
4 minute read – posted on March 24, 2016 by Zack Orndorff
So if you’re here, you’re probably one of three types of people. Most likely is
that I sent you here because you were wondering why the heck I mentioned this on
social media. It’s also possible that you actually care about why I generated a
GPG key. I happen to like my explanation, and I hope you do too :) Additionally,
in the unlikely case that you just want my key, you can find it at the bottom of
the post.
3 minute read – posted on March 18, 2016 by Zack Orndorff
So I wrote a blog post about my process of creating my March Madness bracket
last year, so I figure this year I’ll revisit it and explain what I changed.
(Note: I know this post is actually after March Madness started… but I’ve been
busy. I did actually create the bracket before the games began.)
I used Coder’s Bracket again for a couple
reasons. First, it was pretty cool last year, and I wanted to try it again. The
second was that I was really busy all week at Big Break
with Cru, and I didn’t have much extra time to fill out a bracket, so just
slightly modifying last year’s algorithm was really easy.
3 minute read – posted on March 17, 2015 by Zack Orndorff
I’m just okay at picking basketball brackets. I usually finish somewhere in the upper third of the pack, IIRC. However, it’s interesting to enter a bracket and watch the results come in (I almost never watch the games), so I usually make a bracket. This year, I decided to use Coder’s Bracket to create my bracket.
9 minute read – posted on March 10, 2015 by Zack Orndorff
As I thought about setting up my website and email, I wanted to have a way to give out disposable email addresses. That way, I can give Widget Co an email address unique to them, and I can know if they sell my email because I will get emails from Sprockets Inc. at my address for Widget Co. In that case, I can trash all email sent to that address, eliminating that spam.