This year's Oakland (the IEEE Symposium on Security and Privacy, formerly held in Oakland, California) has been a wild ride. Just a little more than a week before Oakland I've been in the bay area at the Usenix Security PC meeting at Google in Mountain View, talking to ...read more
Due to other commitments I only had little time to play during this CTF and when I arrived on Saturday (the 2nd day of the competition) our b01lers were already hacking away and we were hovering somewhere around 100.
For quite a while I looked trough some of the others ...read more
For this challenge we were given a corrupted git repository. We started by checking out the git repository (using git clone) and checking the consistency of the repository (using git fsck):
Checking object directories: 100% (256/256), done. error: sha1 mismatch 354ebf392533dce06174f9c8c093036c138935f3 error: 354ebf392533dce06174f9c8c093036c138935f3: object corrupt or missing error: sha1 ...read more
We are told that there's a treasure waiting at treasure.ctf.0ops.sjtu.cn so we have to start digging!
Firing up dig: dig treasure.ctf.0ops.sjtu.cn -t ANY tells us that the target is a IPv6 address.
Let's do a traceroute to that address:
$ traceroute6 ...read more
Another lazy Sunday (oh well, actually I should be writing papers and grant proposals but we are not talking about that right now) and I'm scrolling through my email when I stumbled upon a "FedEx notice" with your usual "you have not picked up your package" scam and I ...read more
Another year, another c3
This year marked my 11th year of congress (and 10th visit with a short hiatus in 2012). Just like all the years before we headed to the conference location a day before the start of the 31c3. After arriving in Hamburg (after a quick detour through ...
We received a file that looked like it was compressed. Let's just pipe it through xz and see what it really is. Aaah, looks like some old and obscure machine code of a machine that has long since been retired.
The machine code is of the CDC 6600, a ...read more
As part of the weekly CTF meetings we discussed some basic stack-based, heap-based, and format string based exploits. For system security challenges these are bread and butter techniques and rely on a huge amount of pre-existing knowledge about operating systems, kernels, process creation, dynamic loading, C programming, stack layouts, and ...read more
Do you know this situation where you have some domain specific knowledge about a problem but first level support at a company blocks you from getting to a knowledgeable person? An example would be tech support at an internet company where you have already restarted your modem and computer yet ...read more
« Page 2 / 7 »