Posts on edd255

DHM 2025 - DotNett

Tue, 07 Oct 2025 11:34:57 +0200

One of the challenges of the second iteration of the German Hacking Championship was a web-based feedback form, written in C#. The service contained an internal class _Flag_ that we had to leak:

internal class _Flag_ {
 internal static string FLAG => "DHM{fake}";
}

DHM 2025 - Unauthentik

Sun, 05 Oct 2025 11:34:57 +0200

In the second iteration of the German Hacking Championship, one of the challenges consisted of a misconfigured Authentik instance. Authentik is a self-hosted, open-source identity provider. The challenge provided us with a blueprint.yaml file, a template that can automate Authentik configurations and manage user-interaction flows.

DHM 2025 - Dodge the Creeps

Fri, 03 Oct 2025 11:34:57 +0200

In the second iteration of the German Hacking Championship, one of the challenges featured a 2D game called “Dodge the Creeps”. This game is based on one of the sample projects from the Godot game engine, but written in Rust and compiled to WebAssembly. The goal of the challenge was to reach level 1337 in the game, which is practically impossible.

FAUST CTF 2025 - cake-configurator

Thu, 02 Oct 2025 11:34:57 +0200

This is a writeup I wrote together with Lorenz, first published on saarsec.

Overview

cake-configurator is a COBOL-based TCP service that allows users to configure and order cakes and track their orders conveniently in the terminal. Connecting via socat yields a user interface that prompts us to either register or login.

DHM 2024 - Time

Wed, 10 Sep 2025 11:34:57 +0200

In the first iteration of the German Hacking Championship, we were given a linear-feedback shift register (LFSR) over a Galois Field with two elements. In this writeup, I want to explain what a LFSR does and how we can solve this challenge using linear algebra.