Blog

Explore my thoughts and insights in the blog posts below, or browse by topics on the categories page.

Showing 125 posts in this blog.

What GitHub exposes about you: Name, Location, and more

Discover how your GitHub commits may leak personal info such as your name, email, location and work habits, and how you can reduce that exposure.

Hackvent 2024: Day 24

A long MP3 audio file was reversed and sped up to restore its original form, revealing a hidden flag spoken by a TTS voice partway through.

Hackvent 2024: Hidden Easy

Uncover hidden flags in images with steganography! Using Aperisolve, we found a hidden flag in the LSB of the blue channel through RGB analysis.

Hackvent 2024: Day 23

Decode a mysterious pattern with the Ogham language to uncover a hidden secret flag.

Hackvent 2024: Day 22

Discover how to uncover hidden secrets in GitHub repositories by exploring remote refs and deleted commits in this engaging challenge.

Hackvent 2024: Day 21

Brute-force a timestamp on a Pastebin-like website, decrypt hidden text using an obfuscated JS function, and uncover the flag

Hackvent 2024: Day 19

Discover how to find a hidden flag in a virtual machine by visualising disk errors with ddrescue, revealing hidden information from damaged sectors.

Hackvent 2024: Day 18

Learn how to extract hidden data from an image by analysing the LSB of RGB channels and creating a QR code using bit manipulation techniques.

Hackvent 2024: Day 17

Discover vulnerabilities in a custom RSA and AES implementation, exploit APIs to elevate to admin, and retrieve the hidden flag through clever cryptographic techniques.

Hackvent 2024: Day 16

Learn how to solve an ECDSA biased-k lattice attack to uncover the original private key and hidden flag using MSB manipulation and brute force techniques.

Hackvent 2024: Hidden Hard

Exploring Chrome's Favicon SQLite database, we found a raw favicon blob linked to a hidden URL. Scanning it revealed the hidden flag!

Hackvent 2024: Day 15

Help Blitzen, Prancer, Comet, and Dancer crack passwords, decode hidden files, and solve cryptographic puzzles as they prepare for their grand symphony!

Hackvent 2024: Day 10

Explore how to reverse-engineer a ransomware binary, bypass anti-VM checks, decrypt AES-encrypted files, and exploit web vulnerabilities to recover encrypted files.

Hackvent 2024: Day 9

Explore a fascinating journey of network traffic analysis, Docker container inspection, Python code deobfuscation, and Hashicorp Vault setup to uncover hidden secrets.

Hackvent 2024: Day 7

Solve a maze with Python using pathfinding and dynamic programming to collect all gifts and reach the exit in the fewest moves.

Hackvent 2024: Day 6

Learn how to extract flags from a Windows system running in Wine using netcat, VBS scripts, and hex editors to solve a challenging cybersecurity puzzle.

Hackvent 2024: Hidden Medium

Using Volatility 3 and a custom Notepad plugin, we extracted unsaved text from memory, revealing a password. Steghide then uncovered a hidden flag in a QR code.

Hackvent 2024: Day 5

Explore how to analyze a 2GB memory dump, recover hidden files, crack passwords with Hashcat, and uncover secrets using forensic tools in this detailed guide.

Hackvent 2024: Day 4

Learn how to decode a messed-up QR code using Python by analysing the GIF colour palette table and extracting hidden data for a scannable result.

Hackvent 2024: Day 3

Explore how a timing attack reveals admin credentials, leading to clever exploitation of path traversal to uncover the flag.

Hackvent 2024: Day 2

Decode EAN-8 barcodes with missing digits using Python, checksum validation, and clever mapping to uncover the hidden flag in this Hackvent challenge!

Hackvent 2024: Day 1

Learn how a QR code puzzle was cracked by tweaking the global GIF palette, revealing a hidden QR code, and decoding the daily flag.

How we Outsmarted CSGO Cheaters with IdentityLogger

Learn how IdentityLogger used fingerprinting to combat ban evasion, protecting our CSGO community from relentless cheaters.

ChatGPT is Killing your Developer Potential

Stop letting ChatGPT destroy your developer potential. Over-reliance on AI is wrecking your future as a developer!

Rewriting mobeigi.com with Next.js and Payload CMS

Discover why I rebuilt mobeigi.com using Next.js and Payload CMS, improving SEO, performance, and customisation with modern frameworks and a headless CMS.

The Curious Case of QUEENCREEK

Discover the mysterious QUEENCREEK autorun entry in Windows. Is it a hidden threat or something else? Let's find out.

Integrate Git Bash with Windows Terminal, OpenSSH, Pageant and WinSCP

Learn how to integrate Git Bash with Windows Terminal, OpenSSH, Pageant, and WinSCP to create an efficient and attractive development environment.

Migrating from Bare Metal to Containers

Exploring the challenges of running multiple apps on a VPS without containers, and why I decided to migrate to Docker.

Creating Chessort: The Chess Puzzle Sorting Game

Discover the making of Chessort, a chess puzzle sorting game. Learn about its development process and play now at Chessort.com!

Creating Perfect MIDI Files from Synthesia Piano Videos

Learn how to create perfect MIDI files from Synthesia-style piano videos, step-by-step instructions included.

Optimising Move Sprint in Jira: A Case of Innovation

Discover how we enhanced Jira's sprint management with a new move sprint API, improving performance and saving countless clicks.

DIY: Building an RGB Led Matrix

Build your own RGB LED Matrix with this detailed DIY guide, from parts to assembly, and create a vibrant display for your projects.

Automating Westpac's 3% p.a. return on your savings

Maximize your savings with Westpac's 3% p.a. interest offer for 18-29-year-olds. Learn how to automate your transactions and earn more effortlessly.

A closer look at Dine & Discover NSW Vouchers

Penetration testing the NSW Dine & Discover program. Are the vouchers secure?

sanitize-html-react Vulnerability

Internal testing, or 'blitzing', revealed flaws in the sanitize-html-react library, posing potential security risks. Discover alternatives and solutions.

Disable Slack @channel and @here notification for all channels

Streamline your Slack notifications with this custom script. Learn how to avoid unnecessary pings in order to maintain focus.

Rewriting mobeigi.com with React

Discover the ease of learning React with top resources, and see how I transformed my website using this powerful front-end library.

Finding the annoying noise in my system (GPU Fan spin up)

Discover how an attempt to overclock my Ryzen 3900X led to GPU fan damage and annoying noises.

Git Commit Message Hook for JIRA Issue Keys

Set up a global commit message hook to automatically prepend issue keys from your branch ID. Follow these steps for seamless code tracking.

How to delete a Ghost/Empty SignalFx Dashboard Group

Fixing SignalFx Ghost Dashboard Groups: Step-by-step guide on how to delete ghost dashboard groups using the SignalFx API and a special URL.

BlankMediaGames/Town Of Salem Data Breach (2020 Update)

Town of Salem was breached in Jan 2019, exposing 7.6M emails. 1 year later, many accounts are still compromised.

BlankMediaGames / Town Of Salem XSS

Discovered a potential XSS vulnerability in Town of Salem's API endpoint, reported to BlankMediaGames and promptly patched. Read more for technical details!

IOLI Crackme Write-up

Explore the IOLI crackme challenges, revealing passwords and detailed analysis for each binary level from 0x00 to 0x09. Get the insights here!

Hackvent 2019: Day 23

Discover how to retrieve the flag hidden in the Internet Data Archive challenge by exploiting vulnerabilities and cracking passwords.

Hackvent 2019: Day 22

Help Santa recover a lost command for his sledge in this HV19.22 challenge. Dive into hex sequences and AVR emulators to find the solution!

Hackvent 2019: Day 21

Join the challenge to recover Santa's flag using cryptographic techniques. Can you break the AES256 encryption and find the hidden flag?

Hackvent 2019: Day 20

Reverse the PS4 binary to solve the HV19.20 challenge. Download resources and follow our detailed solution for the flag.

Hackvent 2019: Day 19

Solve the HV19.19 challenge with Emojicode! Discover how a key emoji unlocks the flag in just 8 minutes. Get the details and solution here!

Hackvent 2019: Day 18

Crack the Salsa20 cipher and recover the hidden flag in this fun, dance-themed hacking challenge! Discover the key and the flag decoding method.

Hackvent 2019: Day 17

Crack the Unicode Portal challenge to become an admin and obtain the ultimate gift by exploiting the register functionality. Discover the flag!

Hackvent 2019: Day 16

Solve the HV19.16 B0rked Calculator challenge by fixing Santa's broken calculator and reveal the hidden flag. Download resources and more.

Hackvent 2019: Day 15

Join us in exploring the HV19.15 Santa's Workshop challenge. Discover how we decoded complex MQTT messaging services to uncover the hidden flag.

Hackvent 2019: Hidden 4

Solve the Hackvent 2019 Day 14 challenge (Hidden Four) by evaluating Perl code to reveal the hidden flag.

Hackvent 2019: Day 14

Join us for the HV19.14 Achtung das Flag challenge! Decode Perl code to reveal the hidden flag in this captivating game.

Hackvent 2019: Day 13

Infiltrate a spy facility and retrieve critical information by exploiting a login portal vulnerability in the HV19.13 TrieMe challenge.

Hackvent 2019: Day 12

Join the HV19.12 Back to Basic challenge! Learn how to reverse-engineer a file and uncover the hidden flag. Perfect for sharpening your hacking skills.

Hackvent 2019: Hidden 3

Discover the solution to the HV19.H1 Hidden Three challenge with step-by-step penetration testing and uncover the hidden flag.

Hackvent 2019: Day 11

Discover how to interact with the Frolicsome Santa Jokes API and uncover hidden flags in this detailed guide.

Hackvent 2019: Day 10

Discover how to crack the HV19.10 "Guess what" challenge by uncovering obfuscated strings in an ELF binary and retrieving the hidden flag.

Hackvent 2019: Day 9

Crack Santa's QR code challenge using Rule 30 to reveal the hidden destination path. Follow our step-by-step solution and Python script.

Hackvent 2019: Day 8

Decode encrypted credit card numbers and uncover the flag in the HV19.08 SmileNcryptor 4.0 challenge. Learn the technique used for decryption.

Hackvent 2019: Hidden 2

Solve the HV19.H2 Hidden Two challenge by decoding the file name string using base58 to uncover the hidden flag in this Capture The Flag event.

Hackvent 2019: Day 7

Uncover hidden binary messages in Santa's new sledge gadget. Learn how to decode using video analysis and extract the final flag!

Hackvent 2019: Hidden 1

Uncover hidden flags in HV19.H1 Hidden One challenge using whitespace steganography! Learn the solution step-by-step.

Hackvent 2019: Day 6

Discover how to solve the HV19.H1 Hidden One challenge using Francis Bacon's cipher. Decode the hidden message with Python!

Hackvent 2019: Day 5

Decode Santa's new solemn barcode to find the hidden message in this challenging CTF exercise. Can you crack the code?

Hackvent 2019: Day 4

Discover how Santa's new password policy was circumvented by the elves using an AutoHotKey script. Learn the step-by-step solution!

Hackvent 2019: Day 3

Decode the Hodor programming language challenge and discover the hidden flag using base64. Learn more about this unique esoteric language!

HACKvent 2019: Day 2

Unlock the secrets of HV19.02 Triangulation with our 3D model challenge! Discover how to extract hidden codes and claim your victory.

HACKvent 2019: Day 1

Discover the solution to the HV19.01 censored challenge. Unveil hidden binaries in an image to reveal a crisp QR code for the flag!

Restoring Facebook's Birthday Calendar Export Feature (fb2cal)

Discover how to restore Facebook's birthday export feature using a custom scraping tool called fb2cal. Get the open-source tool on GitHub.

Discord Discriminator Farming

Learn how I secured my desired Discord discriminator with Python scripts. This method is outdated as Discord Nitro now offers custom tags.

How to Hide your Servers Origin IP Address

Learn how to protect your web server from DDoS attacks using CloudFlare, firewall whitelisting, HTTPS, mail server management, and more.

Making my First libGDX Game

Creating an Android game was easier than expected! Learn how I made a Flappy Bird clone and tips for your own game development journey.

Run Adobe Audition in the Background to Reduce your Microphone's Background Noise

Struggling with background noise on your Blue Yeti microphone? Learn how to reduce it using Adobe Audition and AutoHotKey for seamless audio recording.

HACKvent 2016: Day 5

Solve Santa's challenge using 32-bit logical operators in C++. Discover the solution and get the daily QR code and flag!

HACKvent 2016: Day 1

Santa's email links to the same picture, but hidden redirections reveal a secret. Discover the flag using HTTP headers and redirection checks.

Logitech Gaming Software: LoL Profile Autodetection Fix

Fix Logitech Gaming Software's issue with League of Legends executable updates using Windows registry and regular expressions. Follow this step-by-step guide.

Fix PHP 500 Internal Server Error when using date()

A 500 internal server error using PHP's date() function was traced to a missing Sydney timezone file on CentOS 6.7. Here's how I fixed it.

Simple PHP File Download Script

Add a secure PHP file download script to your website to prevent direct access and hotlinking. Learn how to implement and customize it here.

HACKvent 2015: Day 15

Solve a complex encrypted message using Z3 theorem solver. Discover the hidden phrase and obtain the daily flag in this detailed challenge breakdown.

HACKvent 2015: Day 14

Discover how to pull the Nugget from a Windows binary using ILSpy. Follow the step-by-step guide and decrypt the hidden flag.

HACKvent 2015: Day 13

Uncover the secret hidden in an image using least significant bit steganography and Fourier transform techniques. Discover the fascinating solution!

HACKvent 2015: Day 12

Optimize and analyze complex C code to solve the Hackvent 2015 Day 12 challenge. Learn step-by-step code simplification for better efficiency.

HACKvent 2015: Day 11

Unlock the secrets of the IBM 96 Column Punch Card with our in-depth guide. Discover how to decode and solve the HV15 Day 11 challenge.

5138 - Escape from Python City

Discover how to escape from a Python sandbox and read key.txt in this engaging CTF challenge. Learn the steps and tricks used to solve it.

HACKvent 2015: Day 10

Crack the password-protected ZIP file and reveal the hidden flag with this step-by-step challenge solution.

Creating an Extremely Strong and Unique Password

Learn how to create a strong, flexible password that meets all security requirements and is easy to remember. Secure your accounts effectively!

HACKvent 2015: Day 9

Recover missing parts of a code transmission using SHA1 hashes and a sound file in this simple challenge. Discover our solution step-by-step.

HACKvent 2015: Day 8

Solve Hackvent 2015 Day 8 challenge by exploiting PHP loose comparison vulnerability for admin access. Discover the solution and flag details here.

Advent Of Code 2015: Day 8

Discover how to solve Day 8's Advent of Code challenge by calculating the difference in character counts for string literals and encoded strings.

Advent Of Code 2015: Day 7

Solve Day 7 Advent of Code challenge using Z3Py for logical constraints and theorem proving. Instructions for both parts included.

HACKvent 2015: Day 7

Crack the Hackvent 2015 Day 7 challenge by decoding a hexadecimal number into a QR code and reveal the hidden flag.

HACKvent 2015: Day 6

Crack the Base32 encoded string, decode with ASCII85, and apply ROT13 to reveal the flag in this detailed challenge solution.

HACKvent 2015: Day 5

Discover how to solve the Hackvent 2015 Day 5 challenge by extracting hidden QR codes from a PDF to reveal the flag.

HACKvent 2015: Day 4

Unlock the Scytale cipher challenge from Hackvent 2015 and discover the hidden flag with our step-by-step solution.

HACKvent 2015: Day 3

Discover how to solve the Day 3 challenge of Hackvent 2015 by decoding QR codes with an online tool.

HACKvent 2015: Day 2

Decode a mysterious binary message hidden in Klingon language from a Star Trek challenge and uncover the hidden flag.

HACKvent 2015: Day 1

Decode Santa's hidden message and solve the riddle using a Vigenere Cipher. Discover hidden images and uncover the flag for Hackvent 2015 Day 1.

Advent Of Code 2015: Day 6

Transform your holiday house with a million lights! Follow Santa's instructions to achieve the ideal lighting. Discover the total brightness after the setup.

Modifying the Peggle Deluxe Game

Learn how I customized Peggle Deluxe with my baby brother's image, transforming him into a game character for endless fun and laughter!

Advent Of Code 2015: Day 5

Santa needs help sorting nice and naughty strings in his text file. Discover how Python can solve this festive challenge efficiently!

Customize your Linux Terminal (Bash)

Customize your Xubuntu terminal with a unique style, CPU usage, memory stats, and a fun random quote from Cowsay and Fortune.

Advent Of Code 2015: Day 4

Help Santa mine AdventCoins by finding the lowest number that produces an MD5 hash starting with five zeroes. Learn more and solve with Python!

8891 - Santas leak (Hackvent 2015 Teaser)

Kick off Hackvent with a thrilling challenge! Solve "Santa's Leak" to find the HV-Nugget and see the detailed multi-step solution. Try it first!

Advent Of Code 2015: Day 3

Santa's challenge: delivering presents on an infinite grid while navigating tricky directions. How many houses receive at least one present?

Advent Of Code 2015: Day 2

Calculate the exact amount of wrapping paper and ribbon needed for presents with this simple Python script, solving Day 2's Advent of Code challenge.

Advent Of Code 2015: Day 1

Help Santa save Christmas by solving puzzles in the Advent of Code. Track Santa's floor changes and find the first basement entry position.

5020 - Password protected ZIP

Discover how to protect ZIP files from brute force attacks. Learn effective strategies and tools to ensure your passwords remain secure.

7002 - Linux Security: Got Wurzel

Break out of a restricted shell by exploiting permission issues in world writable files. Learn how to gain root access through cron jobs.

Fixing Mixed Content warnings using cronjobs

Ensure your website displays the secure HTTPS lock by hosting images locally or using a cron job to fetch and store them. Learn how to fix mixed content errors!

CTF: HACKvent 2015 - Hacking-lab

Join Hackvent 2015, a thrilling capture the flag event this December! Sign up now to challenge your skills and compete with the best!

How to fix your League of Legends Registry Paths (OP.GG fix)

Fix corrupt League of Legends registry entries with our easy-to-use batch script. Resolve issues with third-party replay tools like OP.GG.

Wordpress: Regexp and Post Views Counter Plugin

Learn how to display post views in WordPress using the Post Views Counter plugin and PHP regex for a clean view count.

How to get overall CPU utilization from the bash command line (Linux)

Discover an accurate and instant solution to measure CPU utilization in Bash using the `top` command and Python for floating point arithmetic.

How to get an A+ on Qualys’ SSL Labs Server Test (Apache)

Determine your SSL security with Qualys' SSL Server Test. Learn to configure Apache HTTP for an A+ score and protect your website from vulnerabilities.

Simple Buffer Overflow Example

Master buffer overflow attacks with this step-by-step guide. Learn to exploit vulnerable programs, disable security features, and execute shellcode.

Finland MSN XSS Vulnerability

The search bar on Finland has a vulnerability that allows XSS attacks due to improper encoding of quotes. Learn more about this issue here.

CSE.UNSW.EDU.AU XSS Vulnerability

The staff search page at UNSW (CSE) is vulnerable to XSS attacks due to improper sanitization of the ID field input.

Mashable XSS Vulnerability

Discover the Mashable subscription script vulnerability that exposes user emails and enables XSS attacks. Learn more about this security flaw.

ABC Mail XSS Vulnerability

The ABC Mail subscription script has a vulnerability that allows XSS attacks due to unsanitized email input. Learn more about this security flaw.

Backlinks.com XSS Vulnerability

Discover how a vulnerability in Backlinks.com's search form allows an XSS attack through unsanitized user input.

NineMSN Flights XSS Vulnerability

Discovered an XSS vulnerability on NineMSN's flights page. Learn how input sanitization flaws can lead to security breaches.

iiNet.net.au XSS Vulnerabilities

Discover two critical XSS vulnerabilities on iiNet's main search and Freezone pages, highlighting major security flaws in the Australian ISP's website.

Payload CMS Rich Text Demo

To showcase the output payload is capable of.