About Me
This is Mystiz, a made in Hong Kong ðŸ‡ðŸ‡° software engineer. Currently stationed at Taiwan 🇹🇼 working for Google.
- X: @mystiz613
- Github: @samueltangz
- Website: mystiz.hk
Capture-the-Flag⌗
I am better-known as a Capture the Flag player and I hacked with Black Bauhinia as a former captain and Shellphish. I like to struggle at crypto and reverse challenges, and sometimes pulling my hair on ad hoc problems. You may expect me doing writeups on the challenges I liked. I played DEFCON CTF Finals thrice on 2019, 2020 and 2021, and a finalist for Blackhat MEA CTF 2023 and SECCON CTF 2023.
I am also a challenge author who contributed to Google CTF, Bauhinia CTF, HKCERT CTF, USCB iCTF and so on. If you want to predict what challenges I will come up next, read my writeups with the tag #challenge-writing! Some personal highlights:
- On cryptography:
- ZKPOK in Google CTF 2024 is a MD5 collision challenge on zero-knowledge proof-of-knowledge of square roots.
- jav-asr-ipt in MOCSCTF 2023 is a RSA challenge that generates the prime numbers in a weird way.
- Shelter in Firebird CTF 2023 is a CBC padding oracle challenge where you have to find a corner case that the attack doesn’t work.
- Sratslla SEA in HKCERT CTF 2021 is an AES challenge where we remove each of
AddRoundKey,SubBytes,ShiftRowsandMixColumns. - Threerider, Freerider / Tenet: The plagarism are two challenges on AES-CTR in two different CTFs that show how unoriginal I am when it comes to challenge writing.
- …or How to Stop Time in Bauhinia CTF 2023 to make every challenge author banning negative numbers as the “Mystiz’s trick”.
- I also contributed a challenge to Cryptohack.org: Roll your Own, where I liked the trick behind a lot.
- On reverse engineering:
- Loot and Scoot in HKCERT CTF 2023 is a game reversing challenge that one needs to look for bugs in the binary.
- Bashed! in HKCERT CTF 2024 is a Bash programming challenge that is based on the self-modifying behaviour.
- On web:
- âš¡ in HKCERT CTF 2024 is a web challenge that SQL injection.