Fun with sine waves: DEF CON 2025 quals echoid writeup

11 minute read – posted on April 13, 2025 by Zack Orndorff

Overview

I had a great time playing quals this year with Shellphish. I usually try to write full-length stories for my writeups (see my blog archives for a few), but this one will be a bit less complete for time reasons.

Challenge description

Are you hearing what I’m hearing?

HOST: echoid-7xf5f2sbdofl6.shellweplayaga.me

PORT: 1337

Files:

$ nc echoid-7xf5f2sbdofl6.shellweplayaga.me 1337
Ticket please: ticket{redacted}
Send us your song to be identified
asdf
ERROR: Invalid input size: 1717859169

Source from the organizers: https://github.com/Nautilus-Institute/quals-2025/tree/main/echoid

Continue reading →

Categories: Ctf Security

Tags: Ctf Defcon Dsp Writeup

Blazin' Etudes - Hack A Sat 3 Quals (2022) - Writeup

17 minute read – posted on August 6, 2022 by Zack Orndorff

This year was Samurai’s third time playing Hack A Sat’s (HAS) quals round. The first time we played, we qualified for finals. Year 2, we didn’t qualify. So this year we were hoping to qualify again. I personally wasn’t super involved in the first year, and only a bit involved last year (I don’t think the weekends lined up super great for me), but I was interested to take a shot at it this year and hopefully qualify! Blazin’ Etudes was the third of a series of microblaze reversing challenges, released on the last day of the competition (Sunday).

Continue reading →

Categories: Ctf Security

Tags: Binary Ninja Code Ctf Hackasat Microblaze Writeup

Reversing and exploiting a program running in an undocumented VM

16 minute read – posted on May 3, 2021 by Zack Orndorff

This weekend, Samurai played the DEF CON CTF Qualifier event. We had a great time playing; much thanks to the organizers for putting on a great event! Many thanks to my teammates, it was awesome playing with you all! One of the challenges this weekend was called baby-a-fallen-lap-ray. It was categorized as a pwn challenge, and it made a comment about being ‘the return of the parallel machine (or is it?)’.

Continue reading →

Categories: Ctf

Tags: Binary Ninja Ctf Defcon Writeup

CSAW CTF Finals 2018 - Wic Wac Woe 1 writeup

9 minute read – posted on November 13, 2018 by Zack Orndorff

I had the opportunity to compete in the CSAW CTF Finals 2018 for a second year in a row, with the UMBC Cyber Dawgs. It was a lot of fun, despite our somewhat lackluster finish in 10th place. I learned a lot. For instance, in this challenge, I learned how to exploit a Use-After-Free vulnerability (in WebAssembly no doubt!).

Continue reading →

Categories: Ctf Security

Tags: Csaw Ctf Writeup

CSAW CTF Finals 2017 - KWS 1 Writeup

4 minute read – posted on November 15, 2017 by Zack Orndorff

I recently had the opportunity to compete in the CSAW CTF Finals with the UMBC Cyber Dawgs. It was an amazing competition; the organizers were awesome and did a great job. We placed 7th in North America, by the way :) If you’ve never heard of CSAW before, it’s a huge student-run security conference/competition. We played in the CTF, or capture-the-flag competition. I would consider one of the best undergraduate-level CTF competitions. CSAW CTF is a jeopardy style competition in which you have a board of challenges, and you get points for solving them. You solve the challenge by hacking at it until it gives you a flag of the form flag{th1s_i5_a_f1@g}, which you enter into the scoreboard to receive points. Team with the most points wins.

Continue reading →

Categories: Ctf Security

Tags: Csaw Ctf Writeup

Why I generated a GPG Key

4 minute read – posted on March 24, 2016 by Zack Orndorff

So if you’re here, you’re probably one of three types of people. Most likely is that I sent you here because you were wondering why the heck I mentioned this on social media. It’s also possible that you actually care about why I generated a GPG key. I happen to like my explanation, and I hope you do too :) Additionally, in the unlikely case that you just want my key, you can find it at the bottom of the post.

Continue reading →

Categories: Security

Tags: Cryptography Gpg

My March Madness Bracket 2016

3 minute read – posted on March 18, 2016 by Zack Orndorff

So I wrote a blog post about my process of creating my March Madness bracket last year, so I figure this year I’ll revisit it and explain what I changed. (Note: I know this post is actually after March Madness started… but I’ve been busy. I did actually create the bracket before the games began.)

I used Coder’s Bracket again for a couple reasons. First, it was pretty cool last year, and I wanted to try it again. The second was that I was really busy all week at Big Break with Cru, and I didn’t have much extra time to fill out a bracket, so just slightly modifying last year’s algorithm was really easy.

Continue reading →

Categories: Code

Tags: Basketball Bracket Code Javascript

My March Madness Bracket 2015

3 minute read – posted on March 17, 2015 by Zack Orndorff

I’m just okay at picking basketball brackets. I usually finish somewhere in the upper third of the pack, IIRC. However, it’s interesting to enter a bracket and watch the results come in (I almost never watch the games), so I usually make a bracket. This year, I decided to use Coder’s Bracket to create my bracket.

Continue reading →

Categories: Code

Tags: Basketball Bracket Code Javascript

Disposable Email Addresses with Postfix

9 minute read – posted on March 10, 2015 by Zack Orndorff

As I thought about setting up my website and email, I wanted to have a way to give out disposable email addresses. That way, I can give Widget Co an email address unique to them, and I can know if they sell my email because I will get emails from Sprockets Inc. at my address for Widget Co. In that case, I can trash all email sent to that address, eliminating that spam.

Continue reading →

Categories: Linux

Tags: Email Linux Postfix

Hello world!

1 minute read – posted on November 5, 2014 by Zack Orndorff

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

Continue reading →

Categories: Uncategorized