Intro

The musical artist known as BT recently launched his 14th album as an interactive NFT experience on the Arweave blockchain called Metaversal. Part of this experience was a multiple day long puzzle treasure hunt.

Metaversal:
https://btmusic.com/metaversal/

The beginning of the treasure hunt:
https://twitter.com/BT/status/1443318319235444738

The whole experience involved a matic airdrop, three days of puzzles leading to 11 NFTs each day, a geocache treasure hunt in real life, and a final puzzle involving the NFT game Neon District.

We assembled a squad and dove in to solve the BT puzzles:

• ziot
• jtobcat
• LeFevre
• lia
• omaru
• mattm
• zomperzon

Continue reading →

Solved by:

• ziot (@bbuerhaus)
• xEHLE (@xEHLE_)
• mattm (@mattmcquaig)
• LeFevre (@_LeFevre_)

Cr0wn_Gh0ul launched a new puzzle with a 1 Eth and 800 Matic prize recently. This involved airdropping matic NFTs and contracts to many addresses, similar to the one million matic NFTs he airdropped recently. This puzzle involved navigating the contracts, finding the NFTs, extracting text from the NFT images, and using the text as a private key. I will explain the process that went into solving this puzzle.

Continue reading →

The infamous crypto puzzle artist coin_artist just launched a new NFT airdrop for hitting 50,000 followers on Twitter. As with all coin_artist related announcements and products, we immediately dusted off the magnifying glass and started to seek for a puzzle. We quickly saw that she tweeted #1347 which is her bat signal that there is a puzzle to be found. It did not take long for us to find the trailhead!

Solvers:

• ziot (@bbuerhaus)
• LeFevre (@_LeFevre_)
• mattm (@mattmcquaig)

Continue reading →

I recently participated with the CTF team Norse Code representing Hacking for Soju in the DEFCON 29 CTF qualifiers. There was a web challenge, so I went full speed ahead to solve it. Overall the challenge is fairly straightforward and not too difficult, but I decided to do a write-up on it to demonstrate one way that you are able to work through obfuscated JavaScript.

The challenge begins with a website link and a Chrome browser extension that you can download.

Continue reading →

Solvers:

• ziot - Brett Buerhaus
• JTobcat - Justin Tobin
• LeFevre - Ben LeFevre
• mattm - Matt McQuaig

A few of us recently participated in another puzzle and managed to be victorious, collecting 34700 $coin (est $20,000 at time of solve) prize. coin_artist of Blockade Game and Bitcoin fame recently launched a new crypto currency called $coin. She had the idea of having the coin's original value backed by the purchase of NFTs that cost several Ethereum.

There was a clever stipulation involved though, anyone who owned one of these original $coin NFTs would be able to solve a puzzle with a $coin reward once launched. Cloverme of Age of Rust (Space Pirate) purchased a few of these NFTs and gifted one of them to us. This gave us the chance to participate and attempt to solve her puzzle.

With the launch of $coin, it unleashed a new puzzle designed and created by Lee Sparks (motive).

Let's dive into it.

Continue reading →

HackerOne just ran the online h@cktivity con and with it was a CTF. I spent 15 hours solving the big web challenge with the team Hacking for Soju called Pizza Time! This is yet another solid web CTF challenge created by the wizard Adam Langley.

This is the challenge text that leads you into it:

Continue reading →

Researchers:

• Brett Buerhaus
• Cody Brocious (Daeken)
• Sam Erb (erbbysam)
• Olivier Beg (Smiegles)

Statement from Slack

Slack would like to thank the researchers for their work to increase the security of the open source tool LibreOffice and their responsible disclosure to Slack. The security of file sharing is critically important to Slack and its users, and we worked with the research team to quickly implement a fix within 24 hours of receiving the report. Slack has confirmed that no customer data was accessed using this bug.

Intro

In our attempt to fingerprint LibreOffice as a PDF rendering service, we identified multiple implementation vulnerabilities.

This writeup covers our efforts to fingerprint LibreOffice, LibreOffice file detection (and abuse) & misuse of the LibreOffice Python-UNO bridge.

The unintended misuse of the Python-UNO bridge by the popular package unoconv resulted in CVE-2019-17400.

We believe our research here is not final, and encourage others to look into this area.

Continue reading →

erbbysam and I recently set out to beat the latest CTF challenge hosted by HackerOne. Here is a write-up with the process we took from start to finish.

Continue reading →