About

I regularly participated in capture-the-flag competitions over the years as a member of STT. I usually focus on solving cryptography or web challenges.

I was one of the team captains of Team Europe, and won ICC. Now I get invited to create cryptography challenges for the new candidates, since I am too old to participate as a player 😢.

Writeups

• Clutch - HTB
• Clement - ASIS CTF
• Fake Medallion - Plaid CTF
• YAFM - Google CTF

Tools

• Symbolic Mersenne Cracker A tool that models the Mersenne Twister function as a Z3 program and is able to predict the next bits coming out of Python's RNG given just a few bits.
• NodeMedic-FINE Uses dynamic taint analysis to detect arbitrary command injection and arbitrary code execution vulnerabilities in Node.js packages — and it automatically synthesizes exploits!
• SWIPE Uses fuzzing and symbolic execution (on a browser modified to run taint analysis) to detect DOM-XSS vulnerabilities in web pages.

Awards

Over the years I won multiple awards (usually in teams) in several different CTF competitions, including:

• Led team Europe in ICC 2022 (1st place)
• Led team Portugal in ECSC (7th place)
• CSAW Quals 2020 (5th place)
• CSAW 2019 (2nd place)
• CSAW 2018 (3rd place)

To name a few. Anyway, yeah, I love to play CTFs!