想了想后面应该也不怎么打比赛了,那么就给后面的学弟们留下一份Web安全和电子数据取证的指南吧。笔者这里也想对后续接触Ctf的学弟们说:初期遇见的东西绝大多数都是没听说过的,只有不停的搜索,不停的学习,有智慧和礼貌的提问才能成长。也请各位学弟保持那一份热爱,奔赴下一场山海;莫愁前路无知己,天下谁人不识君!学长也祝愿你们日后的每一场比赛和攻防都可以顺顺利利。
Hospital Writeup
Spring Boot Heapdump and Shiro Deserialization and Nacos Client Yaml Deserialization and Fastjson Deserialization and Grafana Unauthorized Arbitrary File Reading and PostgreSQL and Multi-level Intranet tunnel construction
Spoofing Writeup
无ADCS + Petitpotam + ntlm中继打法 and MA_admin and noPac
Delegation Writeup
注册表提权 and 约束性委派攻击 and NTLM强认证触发DC01回连 and DCSync
Certify Writeup
SMB and SPN and ADCS
Time Writeup
SIDHistory and Dcsync
2025GHCTF Official Write Up for Web
衷心感谢NSSCTF对本次新生赛的慷慨支持!!!
Initial Writeup
Domain Controller Synchronization:DCSync Attack
Brute4Road Writeup
约束委派攻击 (Attacking Kerberos Constrained Delegation)
HGAME2025
听说这一次题目质量挺高的,也刚好面临学校新生赛出题;刚好来看看...