Every year, the Oakland conference is one of the highlights of security research. As likely the most competitive of the big four conferences, Oakland is always a great place to sync up with friends and learn about new trends in security (then again, being in the PC committees for most …
AsiaCCS'17 in Abu Dhabi
This was my second AsiaCCS. After an interesting experience in China last year, this year's AsiaCCS was in the United Arab Emirates (UAE) in Abu Dhabi. My program for this conference was quite packed. Two of my students had presentations, Daniele Midi's nesCheck work and Scott Carr's selective memory safety …
33C3 CTF: Fun times
pdfmaker (75 points)
The first challenge I tried was pdfmaker. Surprisingly, I spent way too much time on this simple starter challenge. I initially planned to use this challenge as a warm-up but ended up spending about 10 hours on it, mostly due to me overlooking simpler solutions that are …
TUM CTF: boot2brainfuck
According to the description, hxp provides us with a brainfuck (BF) execution service where we can send BF programs over netcat and execute them. To help, they provide us with a script that translates BF programs into a 16-bit DOS COM executable.
Now as a reminder, DOS COM executables are …
AMD SEV attack surface: a tale of too much trust
AMD recently announced the new Secure Encrypted Virtualization (SEV) extension that intends to protect virtual machines against compromised hypervisors/Virtual Machine Monitors (VMMs). An intended use-case of SEV is to protect a VM against a malicious cloud provider. All memory contents are encrypted and the cloud provider cannot recover any …
Control-Flow Integrity: An Introduction
At a high level, Control-Flow Integrity (CFI) restricts the control-flow of an application to valid execution traces. CFI enforces this property by monitoring the program at runtime and comparing its state to a set of precomputed valid states. If an invalid state is detected, an alert is raised, usually terminating …
AsiaCCS and China
The last three weeks I've been traveling through China, Hong Kong, and Macau on an interesting security tour thanks to this year's AsiaCCS being held in Xi'an, China. AsiaCCS was right after Oakland, so I flew directly from San Francisco to Xi'an, China, and then continued to visit friends at …
Oakland from a system security perspective
This year's Oakland (the IEEE Symposium on Security and Privacy, formerly held in Oakland, California) has been a wild ride. Just a little more than a week before Oakland I was in the Bay Area at the Usenix Security PC meeting at Google in Mountain View, talking to many folks …
Trend Micro CTF: base64 (crypto 500)
Due to other commitments I had only a little time to play during this CTF, and when I arrived on Saturday (the 2nd day of the competition) our b01lers were already hacking away and we were hovering somewhere around 100.
For quite a while I looked through some of the others …
CSAW: sharpturn
For this challenge we were given a corrupted git repository. We started by checking out the git repository (using git clone) and checking the consistency of the repository (using git fsck):
Checking object directories: 100% (256/256), done.
error: sha1 mismatch 354ebf392533dce06174f9c8c093036c138935f3
error: 354ebf392533dce06174f9c8c093036c138935f3: object corrupt or missing
error: sha1 …