Posts on Hegzploit

Breaking Boolean Masking for Software AES

me (AT) this domain (Yusuf Hegazy) — Wed, 04 Jun 2025 00:00:00 +0000

0xL4ugh24 Hardware Challenges Official Writeups

me (AT) this domain (Yusuf Hegazy) — Sat, 28 Dec 2024 00:00:00 +0000

Lately, I have been doing some hardware security research, specifically focusing on side channel stuff, this inspired me to write these challenges for the 0xL4ugh CTF.

You will find all the challenge files on this repo, at the end of the blog I will list some notable writeups by players who have completed this challenge.

Tempus

Summary: Timing side channel attack allows us to bruteforce the pin digit by digit reducing the keyspace significantly (from 10^9 to 10*9).

Tempus is the latin word for time

Low Budget Router

me (AT) this domain (Yusuf Hegazy) — Sun, 03 Dec 2023 00:00:00 +0000

In this blog post, we’ll explore three challenges from the “Not Vulnerability Research” category in CyCTF'23, held in Cairo ICT.

I managed to solve the first challenge during the CTF, and solved the remaining two afterwards. Be sure to check out the official writeup by the author. As of writing this, I haven’t read the author’s writeup to avoid being influenced by the intended solutions. Instead, I’ll guide you through my methodology and approach for solving these three challenges. Expect a long (but fun) ride, so prepare a cup of tea and enjoy the read!

Reactive Vault 1

me (AT) this domain (Yusuf Hegazy) — Sun, 05 Nov 2023 00:00:00 +0000

I started by installing the APK on an android phone, once opened it will show a text field to enter a key and a login button, the APK will try to navigate to https://you-shall-not-pass when trying to type any key (maybe this was done to prevent bruteforcing the key?), finally, when you try to login with a random key It will show a dialog saying “BAAAD Key”

I dropped the APK within jadx and I went to the entry point which is com.expor4bb1t.AwesomeProject.MainActivity, I could see a lot of imports related to facebook and react, which along with the challenge name, started making sense. This application is built with react native.

An Electrical Engineer's Adventure into the Deep Dark of AI

me (AT) this domain (Yusuf Hegazy) — Sun, 18 Jun 2023 00:00:00 +0000

This is a blog post about my graduation project, where I went for a little dive within the scary realm of AI. I had zero practical experience with AI prior and had only a minimal theoretical understanding of some concepts. While this work may not seem like much, this was a rough ride for me, and I can confidently say that it was worth it. I couldn’t have had the opportunity to do this type of work otherwise, and I will probably not touch AI at this level anytime soon. This is basically a brain dump of some of my thoughts, including an explanation of my project so I can have some peace of mind and move on.

Hacking the Hackathon: How We Optimized Our Way to Third Place

me (AT) this domain (Yusuf Hegazy) — Wed, 15 Mar 2023 00:00:00 +0000

Are you ready to put your coding skills to the ultimate test? Hacktrick is the hackathon that combines AI, problem-solving, and cybersecurity to create a thrilling challenge. The landing page promises a rescue mission, but the real magic happens behind the scenes. As the competition heats up, we quickly realize that coding tricks alone won’t guarantee a win. The question is, will we figure out the winning formula before the time runs out?

Fighting counterfeit USB Flash Drives

me (AT) this domain (Yusuf Hegazy) — Sun, 10 Apr 2022 00:00:00 +0000

First Impressions

I was really tempted to just plug that bad boy into my main PC, but I was worried It might do something funny, I didn’t rush and instead booted a trusy old HP Pavilion I had around and booted it up, and ran a quick lsblk to list the devices connected.

We can clearly see that sdb1 with 1.9TBs of storage, but is that all?

Digging Deeper

Fight Flash Fraud, or rather f3, is a suite of command line utilities that aids in detecting and verifying USB flash drives.

Emotion and Logic

me (AT) this domain (Yusuf Hegazy) — Sun, 27 Mar 2022 00:00:00 +0000

A lot of people are driven by emotions, logical thinking doesn’t always result in agreement, in fact, most people are more influenced by emotions than logic, does that make logical thinking uselss.

It depends on a lot of factors, you shouldn’t boldly assume that logic works with everyone, a good strategy to get your message through might be analyzing the recipient, before deciding on your means of communication.

That’s a useful skill If you have to deal with multitude of different people, life is all about balancing things and overdoing is never wise.

Ways to return function values in C

me (AT) this domain (Yusuf Hegazy) — Fri, 25 Mar 2022 00:00:00 +0000

I was having a chit-chat with a friend discussing some C language shenanigans
when he sent me a code snippet, he wanted me fix the code and get it to work in
4 different ways.

Here is the snippet:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


#include <stdio.h>

void calc (int x, int y);
int main(void){
 int x = 10, y = 50;
 printf("sum=%d ", sum);
 printf("mult=%d", mul);
}

void calc (int x, int y){
 int sum = x + y;
 int mul = x * y;
}

There are two main takeaways from the above snippet:

My new blogging workflow

me (AT) this domain (Yusuf Hegazy) — Fri, 18 Feb 2022 00:00:00 +0000

I started blogging at 2020 and was using Hugo as my go-to Static Site Generator, It was pretty fast and did the job well (Jekyll yes, I’m looking you).

The process went as follows:
I had two repos, one for the blog config files and the markdown sources of my posts. I then build these files using hugo build into static HTML pages which I push to another repo that serves my blog through github pages.

Binary Exploitation Resources

me (AT) this domain (Yusuf Hegazy) — Tue, 27 Apr 2021 00:00:00 +0000

These are by far the best resources I have found and have actually tried since I started learning binary exploitation.

Don’t waste your time choosing which is the best resource, just pick one and start digging in. They are all awesome!

Video

Dr. Ali Hadi’s Offensive Software Exploitation | English - Arabic
Nakerah Network’s BOF Playlist - Arabic (Windows)
Hegzploit - Arabic
LiveOverflow
GynvaelEN
Search for topics on ippsec.rocks
The Cyber Mentor’s Playlist (Windows) - New Updated Video
PinkDraconian’s Playlist
John Hammond’s Playlist
John Hammond’s PicoCTF2022 Binary Exploitation Walkthroughs
CryptoCat Intro to BinEx

Full Fledged Courses

Practice Material

A Journey into Mathematical Logic: Diophantus of Alexandria

me (AT) this domain (Yusuf Hegazy) — Thu, 01 Apr 2021 20:19:31 +0200

In this series of blog posts, I will be discussing some of my favorite topics in math, It mostly falls under the domains of mathematical logic and computability theory.

Diophantus of Alexandria

Diophantus was a Greek mathematician that flourished around 250 AD, he is most famous for his book “Arithmetica” in which he had compiled 130 algebraic problems among thirteen books where most of their solutions were positive integers, and that’s why mathematicians call such algebraic equations as “Diophantine Equations”.

Buffer Overflows for Newbies

me (AT) this domain (Yusuf Hegazy) — Mon, 30 Nov 2020 02:46:12 +0200

What is a Buffer anyway?

We can think of buffers as containers to hold our data for later use, it’s not really something specific to computer science; In fact, we have buffers in electronics, mechanics, chemistry and even politics!

We can say that the word buffer is just a fancy name for a placeholder (temporary storage)!

My Favorite Linux Distro

me (AT) this domain (Yusuf Hegazy) — Sun, 27 Sep 2020 23:27:38 +0200

Now, that’s a bit misleading since i have been using windows for the past 12-13 years of my keyboard smashing journey but i don’t really feel any guilt doing this, in fact windows is nothing more of a bottleneck to me or so have i figured later.

enough ranting, maybe this needs it’s own blog post after all or maybe not, it’s a highly controversial topic whatsoever. Just believe me windows is pure evil.

Optimizing Recursion

me (AT) this domain (Yusuf Hegazy) — Thu, 24 Sep 2020 15:52:30 +0200

In this blog post i will try to explain the basic concept of recursion and then show why recursion can be so inefficient and how to optimize it using Call Tail Optimization!

Normal Recursion, A Factorial Example

Most of us tech nerds have already dealt with the good ‘ol recursion, let’s refresh our understanding using the iconic factorial program.
$$0! = 1$$
$$n! = n (n-1)!$$
Python Implementation: