CSAW Quals 2016 Postmortem

[Hello everyone! We are “galhacktic trendsetters”, a group of people new to CTFs (for more about us, see the about page). We’ll use this blog to post write-ups/postmortems for events we participate in.]

This past weekend we participated in the CSAW 2016 Qualifiers. This was the 4th CTF we’ve participated in as galhacktic trendsetters, and probably the one we took most seriously out of these (we participated in the ASIS CTF the weekend before, the TokyoWesterns/MMA CTF the weekend before that, and “participated” in the HackCon CTF the weekend before that).

We ended up coming in 55th place with 2651 points, solving 20 out of the 31 challenges.


Challenges we solved (with linked writeups where available):

Challenges we didn’t solve:

  • [Recon 10] Music To My Ears
  • [Recon 10] Eric Zhi Liang
  • [Reversing 125] Key
  • [Forensics 150] Yaar Haar Fiddle Dee Dee
  • [Pwn 200] Tutorial
  • [Web 200] I got Id
  • [Reversing 300] ivninja
  • [Pwn 300] Hungman
  • [Web 400] wtf.sh (2)
  • [Reversing 400] Tar Tar Binks
  • [Pwn 500] Mom’s Spaghetti


  • Our weakest areas definitely are Pwn and Reversing, which is reflected in the results (our Web isn’t much better).
  • We got really close on Yaar Haar, but somehow didn’t manage to notice the zip file in the packets. We should be more careful on forensics things in the future.
  • We should practice doing some Windows reversing challenges: I had no clue how to use IDA/OllyDbg for Key (and the only reason we successfully solved the other windows reversing, Gametime, was because it involved no reversing at all).



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s