Using SonarQube to solve a CTF challenge? Done! ✅

Learn how we detected a 0-day vulnerability during #KalmarCTF, making us first to solve the challenge! From Zip Slip to RCE, using lazy class loading:

https://www.sonarsource.com/blog/code-security-for-conversational-ai-uncovering-a-zip-slip-in-eddi?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=blog-eddi-zip-slip-250916-&utm_term=---all&s_category=Organic&s_source=Social%20Media&s_origin=social

#appsec #CTF #vulnerability

Made a writeup for a nice #Nix challenge we solved at #KalmarCTF

Check it out!

https://msanft.foo/blog/kalmarctf-2025-nix-build-as-a-service/

With under 48 hours till we kick off with #KalmarCTF 2025, we are happy to announce that @zellic_io is joining as a sponsor this year, as well as an updated prize pool!
Come compete with the best competitive hackers from around the world!

After securing the #1 spot on CTFtime last year, we've spent the winter cooking up a nice set of challenges to share what we've learned with the community! From approachable curiosities to the fiendishly difficult! There should be something for everyone!

Do you have what it takes to find 0-days and novel techniques? Will you solve all of our challenges? Join us from Friday!

Updated Prize Pool
🥇 First Place: $2000 and 3x IDA Pro Named Licenses (each with 2 Decompilers)
🥈 Second Place: $1000 and 2x IDA Pro Named Licenses (each with 2 Decompilers)
🥉 Third Place: $750 and 1x IDA Pro Named License (with 2 Decompilers)
4️⃣ Fourth Place: $500
5️⃣ Fifth Place: $400
6️⃣ Sixth Place: $350

Thanks again to @zellic_io as they join our long time sponsor @HexRaysSA in helping us put on a great CTF for the community!

Registrations are now open at https://kalmarc.tf !

𝗞𝗮𝗹𝗺𝗮𝗿𝗖𝗧𝗙 𝟮𝟬𝟮𝟱 𝗶𝘀 𝗷𝘂𝘀𝘁 𝗮𝗿𝗼𝘂𝗻𝗱 𝘁𝗵𝗲 𝗰𝗼𝗿𝗻𝗲𝗿 - 𝗰𝗼𝗺𝗲 𝗰𝗼𝗺𝗽𝗲𝘁𝗲 𝘄𝗶𝘁𝗵 𝘁𝗵𝗲 𝗯𝗲𝘀𝘁 𝗰𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝘃𝗲 𝗵𝗮𝗰𝗸𝗲𝗿𝘀 𝗳𝗿𝗼𝗺 𝗮𝗿𝗼𝘂𝗻𝗱 𝘁𝗵𝗲 𝘄𝗼𝗿𝗹𝗱 𝗮𝗻𝗱 𝘄𝗶𝗻 𝗴𝗿𝗲𝗮𝘁 𝗽𝗿𝗶𝘇𝗲𝘀!

The #KalmarCTF 2025 is on the horizon, and Kalmarunionen is ready to raise the bar once again. Mark your calendars for March 7th - 9th, 2025, and gear up for a 48-hour showdown of skill, and pure CTF grit.

𝐇𝐞𝐫𝐞’s 𝐰𝐡𝐚𝐭’s 𝐢𝐧 𝐬𝐭𝐨𝐫𝐞:
With a generous nod to @HexRaysSA for making the coveted #IDAPro licenses possible, we promise an unforgettable event brimming with complex challenges in binary exploitation, reverse engineering, and other classic #CTF categories.

🥇 First Place: 3x IDA Pro Named Licenses* with 2 Decompilers each
🥈 Second Place: 2x IDA Pro Licenses* with 2 Decompilers each
🥉 Third Place: 1x IDA Pro License* with 2 Decompilers

Why join hashtag #KalmarCTF 2025?
- Test yourself against top global teams and except some fun and original challenges
- Immerse yourself in a thriving community of passionate CTF players and hackers.

If you’re ready to push your limits, claim your glory, and maybe take home some serious #HexRays loot, head over to KalmarC.TF for all the details.
REassemble your dream team, and lets see who takes all home the licenses this year.

#hacking #cybersecurity #CTF

hey #nixos ppl there is a #CTF #kalmarctf with a nixos challenge on now! come get second blood on it, I had fun solving it :D

https://kalmarc.tf/challenges#Reproducible%20Pwning-20

The countdown to #KalmarCTF 2023 has started! We proudly support this event, organized by Kalmarunionen, and wish all teams and players luck! May the best win…

🎟️​ Register here: https://kalmarc.tf

🌐 More about IDA Pro: https://hex-rays.com/ida-pro/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=kalmarctf-3…

#HexRays

Are you good enough to be on the podium? In #KalmarCTF, the stakes are high - #IDAPro licenses! We are thrilled to support this fantastic event.

🎟️ Register here: https://kalmarc.tf/

🌐 More about IDA Pro: https://hex-rays.com/ida-pro/?utm_source=Social-Media-Post&utm_medium=Mastodon&utm_campaign=kalmarctf-2

#HexRays