CTF video write-ups

YouTube Playlist

CTF challenges are sometimes really complicated. Here is a collection of video write-ups I have created for a various different kind of challenges. I try to explain my thought process and steps involved of solving it.

Newest video is at the top, so keep that in mind for multi-part episodes.

This challange was an amazing team effort. There were multiple steps necessary for the solution and different people contributed. The final big challenge was a bash eval injection, but without using any letters or numbers.

Solving the babyfengshui challenge from the 33c3 CTF live on stream.

Easy solution of list0r web challenge from the 33c3ctf thanks to unintended bugs in the challenge.

Solving Eat Sleep Pwn Repeat (ESPR - 150 pwn) challenge from the 33c3ctf. Dumping the binary through a format string vulnerability, leaking libc addresses in the global offset table, finding the matching libc and overwriting [email protected] with system() to get RCE.

Last video from the BRUCON CTF 2016. Covering "Breaking the crypto", "Log Analysis BSQLi" and "Crypto".

Failed challenge that exposed real security issues with an anonymous mail service, and solving "Lockpicking" and "Restricted Access" from the BruCON CTF 2016.

BruCON CTF video write-up: Not all packets, Reverse Beer, Virtual Lockpick

Commented walkthrough of the security CTF Internetwache 2016. Exploitation challenges.

In part 1 we reverse engineered the algorithm, now we implement a radare2 script in python to recover the flag and defeat the encrypted code.

Part 1 is about understanding the algorithm with binary.ninja and gdb. Zwiebel is a reversing CTF challenge with encrypted self-modifying code.

Commented walkthrough of the security CTF Internetwache 2016. Crypto challenges.

Commented walkthrough of the security CTF Internetwache 2016. Web Hacking challenges.

CORRECTION: I explained the stack canary with the `fs` register wrong. The `fs` register has an address and the stack canary is stored at offset +0x28 from that address.

Solving 'teufel' - pwnable 200 from the 32c3ctf. I didn't solve it during the CTF but worked through several writeups and doing some more research. Now that I understood it I recorded solving the challenge and recorded commentary for it.

Video writeup from the EFF-CTF 2016 that was running during Enigma Conference

First 4 levels of: http://pwnable.kr/play.php

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Search Tags