Archives

• By Season
• By Topic
• By Date

By Seasons / Episodes

Season 22

• Episode 3: PolyPwn CTF 2025's "Ocean's" Track on 16 April 2025
• Episode 2: NTFS Master File Table ($MFT) Demystified on 19 March 2025
• Episode 1: Let's play with languages! on 19 February 2025

Season 21

• Episode 7: MontréHack's Classic h0h0h0day CTF - Challenge Exchange on 18 December 2024
• Episode 7: RF CTF - Mind the air gap on 20 November 2024
• Episode 6: United CTF 2024's Fastpass + Whack-a-mole tracks on 16 October 2024
• Episode 5: NSec 2024's Phospholipid Track on 21 August 2024
• Episode 4: Supply Chain - The messy world of Build pipelines on 19 June 2024
• Episode 3: JFFI: Two Web Challenges on 15 May 2024
• Episode 2: CSGames 2024 IoT Challenge on 17 April 2024
• Episode 1: 24h@CTF 2023's Blue's Clues Track on 21 February 2024

Season 20

• Episode 08: MontréHack's Classic h0h0h0day CTF - Challenge Exchange on 20 December 2023
• Episode 7: UnitedCTF 2023 - Bucaneer's Online Access Terminal (Desjardins Track) on 15 November 2023
• Episode 6: Exploiting Timeless Timing Attacks on 20 September 2023
• Episode 5: NorthSec 2022 - Email Templates track (SSTI) on 23 August 2023
• Episode 4: NorthSec CTF 2023 - AWS Track on 21 June 2023
• Episode 3: Get Out: Reverse engineer and exploit a network protocol on 16 May 2023
• Episode 2: The Eternal Beginner/Learner on 19 April 2023
• Episode 1: 3 challenges from h0h0h0day on 22 February 2023

Season 19

• Episode 10: [IN-PERSON + Online] - h0h0h0day Challenge Exchange Special on 21 November 2022
• Episode 09: UnitedCTF 2022's Dynamic Malware Analysis Track on 19 October 2022
• Episode 08: NSEC 2022 GBAND, a Gameboy RCE on 21 September 2022
• Episode 7: Process Injection on Linux on 17 August 2022
• Episode 6: Introduction to Blockchain & Smart Contract Security on 20 July 2022
• Episode 5: NorthSec CTF 2022's Mycoverse Portal on 15 June 2022
• Episode 4: NorthSec CTF 2021's Rare Metal Sequence on 18 May 2022
• Episode 3: En personne: Northsec 2021 Badge on 21 April 2022
• Episode 2: CCCS' Ransomware: Ethical Home Grown Crypto Edition on 16 March 2022
• Episode 1: Holiday Hack Challenge: Shellcode Primer on 16 February 2022

Season

• Episode : IN-PERSON + Online h0h0h0day Challenge Exchange Special on 15 December 2021

Season 18

• Episode 3: DEFCON CTF 2021 BARB-Metal on 17 November 2021
• Episode 2: UnitedCTF 2021's Windows Forensics Track on 27 October 2021
• Episode 1: NorthSec CTF 2021's Nestadia on 29 September 2021

Season 17

• Episode 4: Canada Crackme on 21 April 2021
• Episode 3: Hackfest CTF 2020 salt challenge (pwning) on 17 March 2021
• Episode 2: Teacher Hotline - Challenge de NorthSec 2020 on 17 February 2021
• Episode 1: Malware Analysis - Challenge du Hackfest 2020 on 27 January 2021

Season 16

• Episode 6: h0h0h0day Online Challenge Exchange Special on 16 December 2020
• Episode 5: DefCon 24 CTF Quals b3s23 on 25 November 2020
• Episode 4: NorthSec's Leaky Data Mining on 21 October 2020
• Episode 3: Heaps of Fun on 16 September 2020
• Episode 2: Introduction to Reverse Engineering Natively-Compiled OCaml Programs on 19 August 2020
• Episode 1: NorthSec 2019 Giga.ctf on 22 July 2020

Season 15

• Episode 6: NorthSec's Ruby Deserialization on 17 June 2020
• Episode 5: Vault pwning (exclusive) on 20 May 2020
• Episode 4: is-h0h0h0-lation special on 29 April 2020
• Episode 3: HQL Injection on 18 March 2020
• Episode 2: Rudimentary Rust reversing on 19 February 2020
• Episode 1: Windows malware reversing on 15 January 2020

Season 14

• Episode 6: h0h0h0day Party and Challenge Xchange! on 18 December 2019
• Episode 5: Do You Know Java? on 20 November 2019
• Episode 4: Windows track of the NorthSec CTF 2019 on 16 October 2019
• Episode 3: Some Software Challenges of the NorthSec 2019 Badge on 18 September 2019
• Episode 2: Golang Reversing Introduction on 21 August 2019
• Episode 1: Anti-debugging on 17 July 2019

Season 13

• Episode 6: Intro to Linux x86 64 shellcoding on 19 June 2019
• Episode 5: Breaking Real-World Crypto on 15 May 2019
• Episode 4: Capture-The-Flag 101 on 17 April 2019
• Episode 3: Authentication-as-a-Service on 20 March 2019
• Episode 2: ROP 101 on 20 February 2019
• Episode 1: Warp Pipes on 16 January 2019

Season 12

• Episode 5: King of the hill CTF on 21 November 2018
• Episode 4: WTF.SQL on 17 October 2018
• Episode 3: Flags from Space from NorthSec 2018 on 19 September 2018
• Episode 2: From the Internet to Your Laptop! on 15 August 2018
• Episode 1: Web and privilege escalation challenges from NorthSec 2018 on 18 July 2018

Season 11

• Episode 6: Exploiting Weaknesses of Order-Preserving Encryption on 20 June 2018
• Episode 5: SQL Injection on 16 May 2018
• Episode 4: Capture-The-Flag 101 on 18 April 2018
• Episode 3: Hackfest/iHack 2017 Web Challenges on 21 March 2018
• Episode 2: Shopiflag: Web Exploitation on 21 February 2018
• Episode 1: Battleship Reverse Engineering on 17 January 2018

Season 10

• Episode 6: Gentle Introduction to the NorthSec Badge on 18 December 2017
• Episode 5: Mini-CTF OWASP on 20 November 2017
• Episode 4: Windows Reverse Engineering - GoogleCTF Ascii Art on 16 October 2017
• Episode 3: Exploitation ARM -- Badge NorthSec on 18 September 2017
• Episode 2: Fuzzing with AFL and libFuzzer on 21 August 2017
• Episode 1: Homework on 17 July 2017

Season 9

• Episode 6: Introduction to Heap Exploitation on 19 June 2017
• Episode 5: Side channel & L3 CPU cache on 15 May 2017
• Episode 4: NorthSec Captcha Bypass on 17 April 2017
• Episode 3: Back To Basics on 20 March 2017
• Episode 2: NES Reversing on 20 February 2017
• Episode 1: Malicious Network Traffic on 16 January 2017

Season 8

• Episode 4: Malicious Documents on 19 December 2016
• Episode 3: Keygen on 21 November 2016
• Episode 2: Malware as a service on 19 September 2016
• Episode 2: Trivia and Rebase as a Service on 15 August 2016
• Episode 1: Pinghelper and BusinessCards on 18 July 2016

Season 7

• Episode 6: Strudel Maker from NorthSec 2016 on 20 June 2016
• Episode 5: DCIETS CS Games 2016 Qualifications Teaser on 16 May 2016
• Episode 4: ROP It Like It's Hot! on 18 April 2016
• Episode 3: Hash Length Extension attacks on 21 March 2016
• Episode 2: Test d'intrusion Windows on 15 February 2016
• Episode 1: Hackito Ergo Sum 2010 FPGA Challenge on 18 January 2016

Season 6

• Episode 6: h0h0h0day 2015 Party! on 20 December 2015
• Episode 5: Hackfest 2015 CrackMe on 16 November 2015
• Episode 4: ECCryptolocker on 19 October 2015
• Episode 3: Got Malware? on 21 September 2015
• Episode 2: XSS for grown-ups on 17 August 2015
• Episode 1: Find The Key on 20 July 2015

Season 5

• Episode 6: Access Control on 15 June 2015
• Episode 5: NorthSec 2015 Warm-up Party! on 18 May 2015
• Episode 4: Network Forensics BKP Riverside 2015 on 20 April 2015
• Episode 3: adctf 2014 password-checker on 16 March 2015
• Episode 2: Android Forensics CySCA2014 on 16 February 2015
• Episode 1: Microcorruption initiation on 19 January 2015

Season 4

• Episode 5: Brad Oberberg (CSAW Finals 2013) on 15 December 2014
• Episode 4: Secure webmail and lost data on 17 November 2014
• Episode 3: Web Get $SHELL on 20 October 2014
• Episode 2: NorthSec Smartcards on 15 September 2014
• Episode 1: Social meetup / Rencontre sociale on 18 August 2014

Season 3

• Episode 5: NorthSec Thank You Mr ISP on 19 May 2014
• Episode 4: NorthSec 2014 Pre-Party! on 21 April 2014
• Episode 3: Boston Key Party Reverse Engineering on 17 March 2014
• Episode 2: Hackfest 2013 Web Challenges on 17 February 2014
• Episode 1: Plaid CTF 2012 Stegano on 20 January 2014

Season 2

• Episode 5: Silkstreet (CSAW Finals) on 16 December 2013
• Episode 4: Hackfest 2013 Retaliation on 18 November 2013
• Episode 3: CSAW Quals Recap on 21 October 2013
• Episode 2: Password Reset "Features" on 16 September 2013
• Episode 1: Web4Kids on 19 August 2013

Season 1

• Episode 5: Crypto-Oracle on 15 July 2013
• Episode 4: Unix Exploitation on 17 June 2013
• Episode 3: iOS Forensics and Network on 18 April 2013
• Episode 2: Hackfest 2012 Web/Crypto on 13 March 2013
• Episode 1: Hack.lu 2012 CTF binaries on 13 February 2013

By topic

24h@ctf

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Appsec

• Let's play with languages!, 19 February 2025

Blue

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Csgames

• CSGames 2024 IoT Challenge, 17 April 2024

Ctf

• RF CTF - Mind the air gap, 20 November 2024

Elastic

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Incident

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Iot,

• CSGames 2024 IoT Challenge, 17 April 2024

Jffi,

• JFFI: Two Web Challenges, 15 May 2024

Nsec,

• RF CTF - Mind the air gap, 20 November 2024

Polyctf,

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Radio,

• RF CTF - Mind the air gap, 20 November 2024

Response,

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Stack,

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Team,

• 24h@CTF 2023's Blue's Clues Track, 21 February 2024

Actions,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Analysis,

• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022
• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022

Android

• Android Forensics CySCA2014, 16 February 2015

Android,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024

Apk,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024

Appsec,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Arm

• Some Software Challenges of the NorthSec 2019 Badge, 18 September 2019
• Gentle Introduction to the NorthSec Badge, 18 December 2017
• Exploitation ARM -- Badge NorthSec, 18 September 2017

Aws,

• NorthSec CTF 2023 - AWS Track, 21 June 2023

Badge

• En personne: Northsec 2021 Badge, 21 April 2022

Badge,

• NSec 2024's Phospholipid Track, 21 August 2024

Beginner,

• The Eternal Beginner/Learner, 19 April 2023
• Introduction to Blockchain & Smart Contract Security, 20 July 2022

Beginner-friendly

• UnitedCTF 2023 - Bucaneer's Online Access Terminal (Desjardins Track), 15 November 2023

Binary,

• NSEC 2022 GBAND, a Gameboy RCE, 21 September 2022

Bkp

• Network Forensics BKP Riverside 2015, 20 April 2015

Blockchain,

• Introduction to Blockchain & Smart Contract Security, 20 July 2022

Build

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Cccs

• CCCS' Ransomware: Ethical Home Grown Crypto Edition, 16 March 2022

Challenge

• En personne: Northsec 2021 Badge, 21 April 2022

Ci/cd,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Cloud,

• NorthSec CTF 2023 - AWS Track, 21 June 2023

Code-review

• NorthSec 2019 Giga.ctf, 22 July 2020

Condition

• Exploiting Timeless Timing Attacks, 20 September 2023

Contract,

• Introduction to Blockchain & Smart Contract Security, 20 July 2022

Crackme

• Canada Crackme, 21 April 2021
• Anti-debugging, 17 July 2019
• Capture-The-Flag 101, 17 April 2019
• Warp Pipes, 16 January 2019
• Battleship Reverse Engineering, 17 January 2018
• NES Reversing, 20 February 2017
• Keygen, 21 November 2016
• DCIETS CS Games 2016 Qualifications Teaser, 16 May 2016
• Hackfest 2015 CrackMe, 16 November 2015
• Find The Key, 20 July 2015
• Access Control, 15 June 2015
• adctf 2014 password-checker, 16 March 2015
• Hackfest 2013 Retaliation, 18 November 2013
• Hack.lu 2012 CTF binaries, 13 February 2013

Crypto

• CCCS' Ransomware: Ethical Home Grown Crypto Edition, 16 March 2022

Cryptography

• Breaking Real-World Crypto, 15 May 2019
• Exploiting Weaknesses of Order-Preserving Encryption, 20 June 2018
• Windows Reverse Engineering - GoogleCTF Ascii Art, 16 October 2017
• NorthSec Captcha Bypass, 17 April 2017
• Strudel Maker from NorthSec 2016, 20 June 2016
• Hash Length Extension attacks, 21 March 2016
• ECCryptolocker, 19 October 2015
• Secure webmail and lost data, 17 November 2014
• NorthSec Smartcards, 15 September 2014
• Password Reset "Features", 16 September 2013
• Crypto-Oracle, 15 July 2013
• Hackfest 2012 Web/Crypto, 13 March 2013

Cryptography,

• NSec 2024's Phospholipid Track, 21 August 2024

Ctf

• En personne: Northsec 2021 Badge, 21 April 2022

Ctf,

• NorthSec 2022 - Email Templates track (SSTI), 23 August 2023
• NorthSec CTF 2023 - AWS Track, 21 June 2023

Debug

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023

Devops,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Dfir

• NTFS Master File Table ($MFT) Demystified, 19 March 2025

Dotnet,

• NorthSec CTF 2022's Mycoverse Portal, 15 June 2022

Dynamic

• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022

Engineering,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024

Escalation

• The Eternal Beginner/Learner, 19 April 2023

Escalation,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024
• UnitedCTF 2023 - Bucaneer's Online Access Terminal (Desjardins Track), 15 November 2023

Ethereum,

• Introduction to Blockchain & Smart Contract Security, 20 July 2022

Exploit

• Hackfest CTF 2020 salt challenge (pwning), 17 March 2021
• Intro to Linux x86 64 shellcoding, 19 June 2019
• ROP 101, 20 February 2019
• Exploitation ARM -- Badge NorthSec, 18 September 2017
• Fuzzing with AFL and libFuzzer, 21 August 2017
• Introduction to Heap Exploitation, 19 June 2017
• Side channel & L3 CPU cache, 15 May 2017
• ROP It Like It's Hot!, 18 April 2016
• Test d'intrusion Windows, 15 February 2016
• Microcorruption initiation, 19 January 2015
• Brad Oberberg (CSAW Finals 2013), 15 December 2014
• Silkstreet (CSAW Finals), 16 December 2013
• Hackfest 2013 Retaliation, 18 November 2013
• CSAW Quals Recap, 21 October 2013
• Unix Exploitation, 17 June 2013
• Hack.lu 2012 CTF binaries, 13 February 2013

Exploitation

• Holiday Hack Challenge: Shellcode Primer, 16 February 2022
• DEFCON CTF 2021 BARB-Metal, 17 November 2021
• DefCon 24 CTF Quals b3s23, 25 November 2020
• Heaps of Fun, 16 September 2020
• Do You Know Java?, 20 November 2019
• Capture-The-Flag 101, 17 April 2019
• Web and privilege escalation challenges from NorthSec 2018, 18 July 2018
• Capture-The-Flag 101, 18 April 2018

Forensic

• Back To Basics, 20 March 2017
• Network Forensics BKP Riverside 2015, 20 April 2015
• Android Forensics CySCA2014, 16 February 2015
• Secure webmail and lost data, 17 November 2014
• NorthSec Thank You Mr ISP, 19 May 2014
• iOS Forensics and Network, 18 April 2013

Forensics

• UnitedCTF 2021's Windows Forensics Track, 27 October 2021
• Capture-The-Flag 101, 17 April 2019

Forensics,

• NTFS Master File Table ($MFT) Demystified, 19 March 2025

Fuzzing

• Fuzzing with AFL and libFuzzer, 21 August 2017

Gameboy,

• NSEC 2022 GBAND, a Gameboy RCE, 21 September 2022

Gdb,

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023

Ghidra,

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023

Github

• Supply Chain - The messy world of Build pipelines, 19 June 2024
• Supply Chain - The messy world of Build pipelines, 19 June 2024

Github,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

H0h0h0day

• 3 challenges from h0h0h0day, 22 February 2023

Hacking

• Gentle Introduction to the NorthSec Badge, 18 December 2017

Hardware

• NSec 2024's Phospholipid Track, 21 August 2024
• En personne: Northsec 2021 Badge, 21 April 2022
• Some Software Challenges of the NorthSec 2019 Badge, 18 September 2019
• Gentle Introduction to the NorthSec Badge, 18 December 2017
• Side channel & L3 CPU cache, 15 May 2017
• Hackito Ergo Sum 2010 FPGA Challenge, 18 January 2016
• NorthSec Smartcards, 15 September 2014

Hql

• is-h0h0h0-lation special, 29 April 2020
• HQL Injection, 18 March 2020

Iam

• NorthSec CTF 2023 - AWS Track, 21 June 2023

Ida,

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023

Injection

• Process Injection on Linux, 17 August 2022
• Vault pwning (exclusive), 20 May 2020
• is-h0h0h0-lation special, 29 April 2020
• HQL Injection, 18 March 2020

Ios

• iOS Forensics and Network, 18 April 2013

Linux

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024
• Process Injection on Linux, 17 August 2022
• Intro to Linux x86 64 shellcoding, 19 June 2019
• ROP 101, 20 February 2019
• Battleship Reverse Engineering, 17 January 2018
• Mini-CTF OWASP, 20 November 2017
• Introduction to Heap Exploitation, 19 June 2017
• Keygen, 21 November 2016
• Malware as a service, 19 September 2016
• ROP It Like It's Hot!, 18 April 2016
• Brad Oberberg (CSAW Finals 2013), 15 December 2014
• Boston Key Party Reverse Engineering, 17 March 2014
• Silkstreet (CSAW Finals), 16 December 2013
• Hack.lu 2012 CTF binaries, 13 February 2013

Linux,

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023
• The Eternal Beginner/Learner, 19 April 2023

Malware

• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022
• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022
• Malware Analysis - Challenge du Hackfest 2020, 27 January 2021
• Windows malware reversing, 15 January 2020
• Malicious Network Traffic, 16 January 2017
• Malicious Documents, 19 December 2016
• Malware as a service, 19 September 2016
• ECCryptolocker, 19 October 2015
• Got Malware?, 21 September 2015

Malware,

• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022

Memory,

• NSec 2024's Phospholipid Track, 21 August 2024

Messypoutine,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Mft,

• NTFS Master File Table ($MFT) Demystified, 19 March 2025

Network

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023
• NorthSec 2019 Giga.ctf, 22 July 2020
• Capture-The-Flag 101, 17 April 2019
• Capture-The-Flag 101, 18 April 2018
• Windows Reverse Engineering - GoogleCTF Ascii Art, 16 October 2017
• Back To Basics, 20 March 2017
• Malicious Network Traffic, 16 January 2017
• Network Forensics BKP Riverside 2015, 20 April 2015
• Secure webmail and lost data, 17 November 2014
• NorthSec Thank You Mr ISP, 19 May 2014
• iOS Forensics and Network, 18 April 2013

Northsec

• JFFI: Two Web Challenges, 15 May 2024
• NSEC 2022 GBAND, a Gameboy RCE, 21 September 2022
• NorthSec CTF 2022's Mycoverse Portal, 15 June 2022
• En personne: Northsec 2021 Badge, 21 April 2022

Northsec,

• NSec 2024's Phospholipid Track, 21 August 2024
• Exploiting Timeless Timing Attacks, 20 September 2023

Nsec,

• NSec 2024's Phospholipid Track, 21 August 2024
• JFFI: Two Web Challenges, 15 May 2024
• Exploiting Timeless Timing Attacks, 20 September 2023
• NorthSec 2022 - Email Templates track (SSTI), 23 August 2023
• NorthSec CTF 2023 - AWS Track, 21 June 2023
• NSEC 2022 GBAND, a Gameboy RCE, 21 September 2022

Pentest

• Windows track of the NorthSec CTF 2019, 16 October 2019
• Authentication-as-a-Service, 20 March 2019
• From the Internet to Your Laptop!, 15 August 2018
• Test d'intrusion Windows, 15 February 2016

Pentesting,

• NorthSec 2022 - Email Templates track (SSTI), 23 August 2023
• NorthSec CTF 2023 - AWS Track, 21 June 2023

Phospholipid,

• NSec 2024's Phospholipid Track, 21 August 2024

Pipelines

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Pipelines,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Polytechnique,polypwn,camera,video

• PolyPwn CTF 2025's "Ocean's" Track, 16 April 2025

Privesc,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024

Privilege

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024
• UnitedCTF 2023 - Bucaneer's Online Access Terminal (Desjardins Track), 15 November 2023
• The Eternal Beginner/Learner, 19 April 2023

Privilege-escalation

• Windows track of the NorthSec CTF 2019, 16 October 2019
• Web and privilege escalation challenges from NorthSec 2018, 18 July 2018

Process

• Process Injection on Linux, 17 August 2022

Protocols,

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023

Pwning

• Vault pwning (exclusive), 20 May 2020

Python

• CCCS' Ransomware: Ethical Home Grown Crypto Edition, 16 March 2022

Race

• Exploiting Timeless Timing Attacks, 20 September 2023

Ransomware

• CCCS' Ransomware: Ethical Home Grown Crypto Edition, 16 March 2022

Reverse

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024

Reverse,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024
• NSEC 2022 GBAND, a Gameboy RCE, 21 September 2022

Reverse-engineering

• NorthSec CTF 2021's Rare Metal Sequence, 18 May 2022
• DEFCON CTF 2021 BARB-Metal, 17 November 2021
• NorthSec CTF 2021's Nestadia, 29 September 2021
• Canada Crackme, 21 April 2021
• Hackfest CTF 2020 salt challenge (pwning), 17 March 2021
• Malware Analysis - Challenge du Hackfest 2020, 27 January 2021
• Rudimentary Rust reversing, 19 February 2020
• Windows malware reversing, 15 January 2020
• Anti-debugging, 17 July 2019
• Capture-The-Flag 101, 17 April 2019
• Warp Pipes, 16 January 2019
• Capture-The-Flag 101, 18 April 2018
• Battleship Reverse Engineering, 17 January 2018
• Windows Reverse Engineering - GoogleCTF Ascii Art, 16 October 2017
• Exploitation ARM -- Badge NorthSec, 18 September 2017
• Introduction to Heap Exploitation, 19 June 2017
• NES Reversing, 20 February 2017
• Malicious Network Traffic, 16 January 2017
• Malicious Documents, 19 December 2016
• Keygen, 21 November 2016
• Malware as a service, 19 September 2016
• DCIETS CS Games 2016 Qualifications Teaser, 16 May 2016
• Hackito Ergo Sum 2010 FPGA Challenge, 18 January 2016
• Hackfest 2015 CrackMe, 16 November 2015
• Find The Key, 20 July 2015
• Access Control, 15 June 2015
• adctf 2014 password-checker, 16 March 2015
• Microcorruption initiation, 19 January 2015
• Boston Key Party Reverse Engineering, 17 March 2014

Reverse-engineering,

• Get Out: Reverse engineer and exploit a network protocol, 16 May 2023
• NSEC 2022 GBAND, a Gameboy RCE, 21 September 2022

Reversing

• Introduction to Reverse Engineering Natively-Compiled OCaml Programs, 19 August 2020
• Golang Reversing Introduction, 21 August 2019

Ringzer0

• NorthSec 2022 - Email Templates track (SSTI), 23 August 2023

Rust

• Rudimentary Rust reversing, 19 February 2020

Side-channel

• Exploiting Weaknesses of Order-Preserving Encryption, 20 June 2018

Smart

• Introduction to Blockchain & Smart Contract Security, 20 July 2022

Solidity

• Introduction to Blockchain & Smart Contract Security, 20 July 2022

Sql

• WTF.SQL, 17 October 2018

Sql-injection

• SQL Injection, 16 May 2018
• Shopiflag: Web Exploitation, 21 February 2018
• Mini-CTF OWASP, 20 November 2017
• Homework, 17 July 2017
• Hackfest 2013 Retaliation, 18 November 2013
• Web4Kids, 19 August 2013

Ssh,

• UnitedCTF 2023 - Bucaneer's Online Access Terminal (Desjardins Track), 15 November 2023

Ssti,

• NorthSec 2022 - Email Templates track (SSTI), 23 August 2023

Steganography

• Back To Basics, 20 March 2017
• Plaid CTF 2012 Stegano, 20 January 2014

Things-humans-do

• MontréHack's Classic h0h0h0day CTF - Challenge Exchange, 18 December 2024
• MontréHack's Classic h0h0h0day CTF - Challenge Exchange, 20 December 2023
• [IN-PERSON + Online] - h0h0h0day Challenge Exchange Special, 21 November 2022
• IN-PERSON + Online h0h0h0day Challenge Exchange Special, 15 December 2021
• h0h0h0day Online Challenge Exchange Special, 16 December 2020
• h0h0h0day Party and Challenge Xchange!, 18 December 2019
• h0h0h0day 2015 Party!, 20 December 2015
• NorthSec 2015 Warm-up Party!, 18 May 2015
• Social meetup / Rencontre sociale, 18 August 2014
• NorthSec 2014 Pre-Party!, 21 April 2014

Timing,

• Exploiting Timeless Timing Attacks, 20 September 2023

Tutorial

• Holiday Hack Challenge: Shellcode Primer, 16 February 2022
• Some Software Challenges of the NorthSec 2019 Badge, 18 September 2019
• Gentle Introduction to the NorthSec Badge, 18 December 2017
• Mini-CTF OWASP, 20 November 2017
• Introduction to Heap Exploitation, 19 June 2017
• Side channel & L3 CPU cache, 15 May 2017
• Back To Basics, 20 March 2017
• DCIETS CS Games 2016 Qualifications Teaser, 16 May 2016

Unitedctf

• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022

Unitedctf,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024
• UnitedCTF 2023 - Bucaneer's Online Access Terminal (Desjardins Track), 15 November 2023

Unity,

• United CTF 2024's Fastpass + Whack-a-mole tracks, 16 October 2024

Web

• Teacher Hotline - Challenge de NorthSec 2020, 17 February 2021
• NorthSec's Leaky Data Mining, 21 October 2020
• NorthSec 2019 Giga.ctf, 22 July 2020
• NorthSec's Ruby Deserialization, 17 June 2020
• Do You Know Java?, 20 November 2019
• Golang Reversing Introduction, 21 August 2019
• Breaking Real-World Crypto, 15 May 2019
• Capture-The-Flag 101, 17 April 2019
• Authentication-as-a-Service, 20 March 2019
• King of the hill CTF, 21 November 2018
• WTF.SQL, 17 October 2018
• Flags from Space from NorthSec 2018, 19 September 2018
• Web and privilege escalation challenges from NorthSec 2018, 18 July 2018
• SQL Injection, 16 May 2018
• Capture-The-Flag 101, 18 April 2018
• Hackfest/iHack 2017 Web Challenges, 21 March 2018
• Shopiflag: Web Exploitation, 21 February 2018
• Mini-CTF OWASP, 20 November 2017
• Homework, 17 July 2017
• NorthSec Captcha Bypass, 17 April 2017
• Back To Basics, 20 March 2017
• Pinghelper and BusinessCards, 18 July 2016
• Strudel Maker from NorthSec 2016, 20 June 2016
• XSS for grown-ups, 17 August 2015
• Secure webmail and lost data, 17 November 2014
• Web Get $SHELL, 20 October 2014
• NorthSec Thank You Mr ISP, 19 May 2014
• Hackfest 2013 Web Challenges, 17 February 2014
• Password Reset "Features", 16 September 2013
• Web4Kids, 19 August 2013
• Hackfest 2012 Web/Crypto, 13 March 2013

Web,

• JFFI: Two Web Challenges, 15 May 2024

Windows

• UnitedCTF 2021's Windows Forensics Track, 27 October 2021
• Malware Analysis - Challenge du Hackfest 2020, 27 January 2021
• Windows malware reversing, 15 January 2020
• Windows track of the NorthSec CTF 2019, 16 October 2019
• From the Internet to Your Laptop!, 15 August 2018
• Malicious Network Traffic, 16 January 2017
• Malicious Documents, 19 December 2016
• Malware as a service, 19 September 2016
• Test d'intrusion Windows, 15 February 2016
• Hackfest 2015 CrackMe, 16 November 2015

Windows,

• NTFS Master File Table ($MFT) Demystified, 19 March 2025
• UnitedCTF 2022's Dynamic Malware Analysis Track, 19 October 2022

Workflows,

• Supply Chain - The messy world of Build pipelines, 19 June 2024

Xss

• Shopiflag: Web Exploitation, 21 February 2018
• Mini-CTF OWASP, 20 November 2017
• XSS for grown-ups, 17 August 2015
• Web4Kids, 19 August 2013

By date

2025

• PolyPwn CTF 2025's "Ocean's" Track, April 16
• NTFS Master File Table ($MFT) Demystified, March 19
• Let's play with languages!, February 19

2024

• MontréHack's Classic h0h0h0day CTF - Challenge Exchange, December 18
• RF CTF - Mind the air gap, November 20
• United CTF 2024's Fastpass + Whack-a-mole tracks, October 16
• NSec 2024's Phospholipid Track, August 21
• Supply Chain - The messy world of Build pipelines, June 19
• JFFI: Two Web Challenges, May 15
• CSGames 2024 IoT Challenge, April 17
• 24h@CTF 2023's Blue's Clues Track, February 21

2023

• MontréHack's Classic h0h0h0day CTF - Challenge Exchange, December 20
• UnitedCTF 2023 - Bucaneer's Online Access Terminal (Desjardins Track), November 15
• Exploiting Timeless Timing Attacks, September 20
• NorthSec 2022 - Email Templates track (SSTI), August 23
• NorthSec CTF 2023 - AWS Track, June 21
• Get Out: Reverse engineer and exploit a network protocol, May 16
• The Eternal Beginner/Learner, April 19
• 3 challenges from h0h0h0day, February 22

2022

• [IN-PERSON + Online] - h0h0h0day Challenge Exchange Special, November 21
• UnitedCTF 2022's Dynamic Malware Analysis Track, October 19
• NSEC 2022 GBAND, a Gameboy RCE, September 21
• Process Injection on Linux, August 17
• Introduction to Blockchain & Smart Contract Security, July 20
• NorthSec CTF 2022's Mycoverse Portal, June 15
• NorthSec CTF 2021's Rare Metal Sequence, May 18
• En personne: Northsec 2021 Badge, April 21
• CCCS' Ransomware: Ethical Home Grown Crypto Edition, March 16
• Holiday Hack Challenge: Shellcode Primer, February 16

2021

• IN-PERSON + Online h0h0h0day Challenge Exchange Special, December 15
• DEFCON CTF 2021 BARB-Metal, November 17
• UnitedCTF 2021's Windows Forensics Track, October 27
• NorthSec CTF 2021's Nestadia, September 29
• Canada Crackme, April 21
• Hackfest CTF 2020 salt challenge (pwning), March 17
• Teacher Hotline - Challenge de NorthSec 2020, February 17
• Malware Analysis - Challenge du Hackfest 2020, January 27

2020

• h0h0h0day Online Challenge Exchange Special, December 16
• DefCon 24 CTF Quals b3s23, November 25
• NorthSec's Leaky Data Mining, October 21
• Heaps of Fun, September 16
• Introduction to Reverse Engineering Natively-Compiled OCaml Programs, August 19
• NorthSec 2019 Giga.ctf, July 22
• NorthSec's Ruby Deserialization, June 17
• Vault pwning (exclusive), May 20
• is-h0h0h0-lation special, April 29
• HQL Injection, March 18
• Rudimentary Rust reversing, February 19
• Windows malware reversing, January 15

2019

• h0h0h0day Party and Challenge Xchange!, December 18
• Do You Know Java?, November 20
• Windows track of the NorthSec CTF 2019, October 16
• Some Software Challenges of the NorthSec 2019 Badge, September 18
• Golang Reversing Introduction, August 21
• Anti-debugging, July 17
• Intro to Linux x86 64 shellcoding, June 19
• Breaking Real-World Crypto, May 15
• Capture-The-Flag 101, April 17
• Authentication-as-a-Service, March 20
• ROP 101, February 20
• Warp Pipes, January 16

2018

• King of the hill CTF, November 21
• WTF.SQL, October 17
• Flags from Space from NorthSec 2018, September 19
• From the Internet to Your Laptop!, August 15
• Web and privilege escalation challenges from NorthSec 2018, July 18
• Exploiting Weaknesses of Order-Preserving Encryption, June 20
• SQL Injection, May 16
• Capture-The-Flag 101, April 18
• Hackfest/iHack 2017 Web Challenges, March 21
• Shopiflag: Web Exploitation, February 21
• Battleship Reverse Engineering, January 17

2017

• Gentle Introduction to the NorthSec Badge, December 18
• Mini-CTF OWASP, November 20
• Windows Reverse Engineering - GoogleCTF Ascii Art, October 16
• Exploitation ARM -- Badge NorthSec, September 18
• Fuzzing with AFL and libFuzzer, August 21
• Homework, July 17
• Introduction to Heap Exploitation, June 19
• Side channel & L3 CPU cache, May 15
• NorthSec Captcha Bypass, April 17
• Back To Basics, March 20
• NES Reversing, February 20
• Malicious Network Traffic, January 16

2016

• Malicious Documents, December 19
• Keygen, November 21
• Malware as a service, September 19
• Trivia and Rebase as a Service, August 15
• Pinghelper and BusinessCards, July 18
• Strudel Maker from NorthSec 2016, June 20
• DCIETS CS Games 2016 Qualifications Teaser, May 16
• ROP It Like It's Hot!, April 18
• Hash Length Extension attacks, March 21
• Test d'intrusion Windows, February 15
• Hackito Ergo Sum 2010 FPGA Challenge, January 18

2015

• h0h0h0day 2015 Party!, December 20
• Hackfest 2015 CrackMe, November 16
• ECCryptolocker, October 19
• Got Malware?, September 21
• XSS for grown-ups, August 17
• Find The Key, July 20
• Access Control, June 15
• NorthSec 2015 Warm-up Party!, May 18
• Network Forensics BKP Riverside 2015, April 20
• adctf 2014 password-checker, March 16
• Android Forensics CySCA2014, February 16
• Microcorruption initiation, January 19

2014

• Brad Oberberg (CSAW Finals 2013), December 15
• Secure webmail and lost data, November 17
• Web Get $SHELL, October 20
• NorthSec Smartcards, September 15
• Social meetup / Rencontre sociale, August 18
• NorthSec Thank You Mr ISP, May 19
• NorthSec 2014 Pre-Party!, April 21
• Boston Key Party Reverse Engineering, March 17
• Hackfest 2013 Web Challenges, February 17
• Plaid CTF 2012 Stegano, January 20

2013

• Silkstreet (CSAW Finals), December 16
• Hackfest 2013 Retaliation, November 18
• CSAW Quals Recap, October 21
• Password Reset "Features", September 16
• Web4Kids, August 19
• Crypto-Oracle, July 15
• Unix Exploitation, June 17
• iOS Forensics and Network, April 18
• Hackfest 2012 Web/Crypto, March 13
• Hack.lu 2012 CTF binaries, February 13