This year's Oakland (the IEEE Symposium on Security and Privacy, formerly held in Oakland, California) has been a wild ride. Just a little more than a week before Oakland I've been in the bay area at the Usenix Security PC meeting at Google in Mountain View, talking to ...read more
Due to other commitments I only had little time to play during this CTF and when I arrived on Saturday (the 2nd day of the competition) our b01lers were already hacking away and we were hovering somewhere around 100.
For quite a while I looked trough some of the others ...read more
For this challenge we were given a corrupted git repository. We started by checking out the git repository (using git clone) and checking the consistency of the repository (using git fsck):
Checking object directories: 100% (256/256), done. error: sha1 mismatch 354ebf392533dce06174f9c8c093036c138935f3 error: 354ebf392533dce06174f9c8c093036c138935f3: object corrupt or missing error: sha1 ...read more
We are told that there's a treasure waiting at treasure.ctf.0ops.sjtu.cn so we have to start digging!
Firing up dig: dig treasure.ctf.0ops.sjtu.cn -t ANY tells us that the target is a IPv6 address.
Let's do a traceroute to that address:
$ traceroute6 ...read more
Another lazy Sunday (oh well, actually I should be writing papers and grant proposals but we are not talking about that right now) and I'm scrolling through my email when I stumbled upon a "FedEx notice" with your usual "you have not picked up your package" scam and I ...read more
Another year, another c3
This year marked my 11th year of congress (and 10th visit with a short hiatus in 2012). Just like all the years before we headed to the conference location a day before the start of the 31c3. After arriving in Hamburg (after a quick detour through ...
We received a file that looked like it was compressed. Let's just pipe it through xz and see what it really is. Aaah, looks like some old and obscure machine code of a machine that has long since been retired.
The machine code is of the CDC 6600, a ...read more
At OSDI'14 we published our paper on  where we introduce two new security properties that protect programs against control-flow hijack attacks enabled by memory corruption vulnerabilities. The design space in this area is already very cluttered and we use this blog post to highlight the differences between the ...read more
As part of the weekly CTF meetings we discussed some basic stack-based, heap-based, and format string based exploits. For system security challenges these are bread and butter techniques and rely on a huge amount of pre-existing knowledge about operating systems, kernels, process creation, dynamic loading, C programming, stack layouts, and ...read more
« Page 2 / 7 »