This is Mystiz, a made in Hong Kong 🇭🇰 software engineer. Currently stationed at Taiwan 🇹🇼 working for Google.

Capture-the-Flag

I am better-known as a Capture the Flag player and I hack with Black Bauhinia as a former captain and Shellphish. I like to struggle at crypto and reverse challenges, and sometimes pulling my hair on ad hoc problems. You may expect me doing writeups on the challenges I liked. I played DEFCON CTF Finals thrice on 2019, 2020 and 2021, and a finalist for Blackhat MEA CTF 2023 and SECCON CTF 2023.

I am also a challenge author who contributed to Google CTF, Bauhinia CTF, HKCERT CTF, USCB iCTF and so on. If you want to predict what challenges I will come up next, read my writeups with the tag #challenge-writing! Some personal highlights:

  1. ZKPOK in Google CTF 2024 is a MD5 collision challenge on zero-knowledge proof-of-knowledge of square roots.
  2. jav-asr-ipt in MOCSCTF 2023 is a RSA challenge that generates the prime numbers in a weird way.
  3. Shelter in Firebird CTF 2023 is a CBC padding oracle challenge where you have to find a corner case that the attack doesn’t work.
  4. Sratslla SEA in HKCERT CTF 2021 is an AES challenge where we remove each of AddRoundKey, SubBytes, ShiftRows and MixColumns.
  5. Threerider, Freerider / Tenet: The plagarism are two challenges on AES-CTR in two different CTFs that show how unoriginal I am when it comes to challenge writing.
  6. Loot and Scoot in HKCERT CTF 2023 is a game reversing challenge that one needs to look for bugs in the binary.
  7. …or How to Stop Time in Bauhinia CTF 2023 to make every challenge author banning negative numbers as the “Mystiz’s trick”.

I also contributed a challenge to Cryptohack.org: Roll your Own, where I liked the trick behind a lot.