Google CTF nowadays is a pretty large event - or should I say 3 connected events, with the pretty hardcore main CTF being one of them, and Hackceler8 - where speedrunning meets CTFs and game hacking - being the second. The last one, but probably the most popular one is Beginners Quest - a set of CTF challenges tied together with a story (a 001337 spy story in this specific case) and aimed at folks who like challenges, but prefer to take it easy is a stress free (i.e. no scoreboard) environment. Anyway, yesterday I've made an over 4 hour long livestream where I've solved all the challenges from this year's BQ, and here's the recording - enjoy!
Timeline (in order of solving):
15:46 - Task 1: CCTV (rev)
23:38 - Task 2: Logic Lock (misc)
34:27 - Task 3: High Speed Chase (misc)
49:25 - Task 5: Twisted robot (misc)
1:07:50 - Task 8: Hide and seek (misc)
1:22:10 - Task 10: Spycam (hw)
1:47:15 - Task 12: Old lock (web)
1:55:47 - Task 13: Noise on the wire (net)
2:04:45 - Task 15: Just another keypad (rev)
2:14:48 - Task 17: Playing golf (misc)
3:01:08 - Task 18: Strange Virtual Machine (rev)
3:41:49 - Task 4: Electronics Research Lab (hw)
3:51:41 - Task 6: To the moon (misc)
4:16:40 - Task 7: ReadySetAction (crypto)
4:25:30 - Task 9: Konski-Hiakawa Law of Droids (rev)
4:28:23 - Task 11: pwn-notebook (pwn)
4:41:59 - Task 14: web-quotedb (web)
4:45:04 - Task 16: Hash-meee (misc)
Moja prelekcja podczas lSHP będzie w zasadzie pierwszą prelekcją w cyklu o mniej lub bardziej pomysłowym tytule „Principle of vast astonishment”. Cykl ten powstał w zasadzie przez przypadek – któregoś pięknego wieczoru podczas analizowania kolejnej rzeczy natknąłem się na coś, co zachowywało się dziwnie i nietypowo, i pomyślałem, że w sumie zrobię z tego kilka slajdów. Kilka dni później doszło kilka kolejnych slajdów o czymś innym, tydzień później jeszcze kilka, i tak dalej. I tak oto okazało się, że w zasadzie mam gotowy materiał na kilka kolejnych lightning talków na losowych konferencjach w ciągu roku. W takiej sytuacji Michał nie musiał mnie za długo przekonywać do opowiedzenia czegoś na piątkowym wydarzeniu ;>
Agenda lSHP znajduje się poniżej, a póki co kilka ważnych linków:
Five newest or recently updated notes (these are unfinished posts, code snippets, links or commands I find useful but always forget, and other notes that just don't fit on the blog):
GDT and LDT in Windows kernel vulnerability exploitation is another paper I've written with j00ru, this time about using call-gates in kernel exploitation - quite a cool method since it works even if you have only a 1-byte write-what-where condition.
Adobe Reader 9.5.1 and 10.1.3 multiple vulnerabilities - 62 unique crashes, from that 31 trivially exploitable and 9 more potentially exploitable, 11 CVE's assigned (CVE-2012-4149 to CVE-2012-4160). Some of these bugs were fixed for Windows and OSX releases of Adobe Reader in APSB12-16.
Contributed to discovery of multiple low-to-high vulnerabilities in Google Chrome (CVE-2012-2851, CVE-2012-2855, CVE-2012-2856, CVE-2012-2862, CVE-2012-2863 and some other) - some of these were mentioned in this post.
A lot of bugs in ffmpeg and libav which resulted in 892 (sic!) patches in ffmpeg and 299 patches in libav (CVE-2011-3930 to CVE-2011-3952 and some other).
Mozilla Firefox 2.0.0.11 and Opera 9.50 information leak, also midly affected Safair, Konqueror and some other products (CVE-2007-6524, CVE-2008-0420, CVE-2008-0894, CVE-2008-1573). A demo video is also available.
A small but funny bug in Total Commander 7.01 - an FTP client gets attacked by the server, leading to a path traversal.
Unicode fun: PHP preg_match and UTF-8 with analysis of what happens when you forget that UTF-8 is multibyte; and a String-to-Integer vs Unicode - yes, the standard 0-9 digits are not the only ones supported by programming languages or unicode (see also this post).
PiXieServ is a simplified PXE (network boot) server for Windows and Linux-based OS, created for testing of very small home-made OS. See also the post about it.
ExcpHook, a system-wide exception monitor for Windows XP 32-bit. Useful if you're fuzzing something that doesn't like having a debugger attached.
Ent is an entropy measuring tool for reverse engineering reconnaissance (see also a post explaining how to use it).
HiperDrop is a simple command line process memory dumper for Windows, with a few different work modes.
asmloader - this little app executes headerless machine code (compiled assembly code). It's meant to be an aid in learning/teaching and playing with assembly, as well as the right tool when you just need to execute some machine code.
NetSock is a simple socket/networking lib/wrapper for C++ I've wrote back in 2003 and update from time to time - I use it for most of my network-enabled projects.
Dodatkowo: ReverseCraft - starsza seria podcastów o reverse engineeringu i assembly.
Edukacyjnie (wybrane posty)
Dla programistów:
Poradnik Początkującego Programisty - czyli jaki język wybrać, z czego się uczyć, jak samodzielnie rozwiązywać problemy i co dalej jak już się zna podstawy.
Security papers and research notes
Videotutoriale i podcasty
[
0 views |
0 videos |
0 subscribers ]
Sezon konferencji online w pełni, i pojawia się sporo ciekawych rozwiązań – jak na przykład 
