Legoclones

Uhhh I'm a little late posting this on Twitter but I made a comprehensive writeup for how we (BYU) exploited a memcmp() side channel for eCTF 2025 to get flags 🚩justinapplegate.me/2025/ectf-memc…

Finally decided to finish a project that's been in the works for a while, I wrote some pretty in-depth (but unofficial) documentation for Python pickles - github.com/Legoclones/pic…

Thank you to everyone who came to our @IoTvillage #defcon32 talk! We spoke about finding 0days in Vilo Home Routers, and have published our research and slides on GitHub github.com/byu-cybersecur…

If you're going to be at DEFCON this year, come to Creator Stage 2 on Sunday at 12:30 for our talk on how we discovered 9x 0days in Vilo Home Routers!

pickledbg has been updated so it's now installable as a Python module. Note that pip install pickledbg will also make it runnable on the cmdline github.com/Legoclones/pic…

Happy to announce I will be speaking at @IoTvillage for @defcon 32 with 2 of my schoolmates!! We will be speaking about how we discovered the first 0days for Vilo Home Routers!

Here's a writeup for the challenge Everlasting_Message, a reverse engineering challenge from @CODEGATE_KR 2024 Quals: justinapplegate.me/2024/codegatec…

my biggest fear is posting something like “very interesting bug i found that results in a very tight race condition, unfortunately it’s not exploitable” and having a CTF person respond 43 minutes later with an exploit PoC

Just realized that I recently passed my 100th CTF that I've either played in or hosted!! I started in 2020, so it's been about 3.5 years total. Hats off to another hundred!

Played in @SAINTCON's Hackers Challenge this past week and placed 1st, getting the black badge!! I ended solving all the challenges and loved every minute of it. Great job by an awesome staff who keep it relevant and exciting every year!

After doing some pickle CTF problems, I decided to make a Pickle Debugger tool (called pickledbg), and after using it in Seccon, I'm releasing it to the public. More stuff will come later but here's the finished product - github.com/Legoclones/pic…

After encountering a bug in HITB Secconf CTF, I did some research into Flask's request.authorization object and how Authorization headers are parsed according to changes introduced in Flask 2.3. Read about that & interesting edge cases here justinapplegate.me/2023/flask-aut…

Published the source code and writeups for 3 challenges I made for the @RedTeamVillage_ CTF at DEFCON 31, the Home Network series. Check it out here --> github.com/Legoclones/RTV…

Finally got the CVEs reserved for my last 2 GL.iNET vulnerabilities, CVE-2023-33620 and CVE-2023-33621! Just requested for them to be published. justinapplegate.me/2023/glinet-CV…

this ctf smh