CTF video write-ups

Playlists: Various CTFs | Riscure CTF

Terrible DPA explanation and sharing my experience solving the side channel analysis challenge "piece of scake" from the rhme2 CTF.

Preparing an arduino nano board to perform a power analysis side channel attack and explaining how that can be used to break RSA. Also proof I can't count.

We are going to recover a ECDSA private key from bad signatures. Same issue the Playstation 3 had that allowed it to be hacked.

Whack the mole was a fun little challenge that was not so much about security, but to figure out how the game works, and then play it and win.

We overflow a buffer and slowly figure out that we can control memory addresses to leak other data.

Solving the casino challenge of rhme2 abusing a format string vulnerability.

Using the greatest common divisor (GCD) to factorize the public modulo into the secret primes, so we can forge a RSA signature.

Solving "Photo Manager" from the riscure embedded hardware CTF by bypass a buffer overflow mitigation through bruteforcing a stack cookie.

We are using radare2 together with avr-gdb and simavr to reverse engineer the challenge "Jumpy" which implemets a password checking algorithm.

We are looking at the datasheet of the ATmega328p and learn about harvard architecture and how serial communication on an assembler level looks like.

The first challenge I solved for the embedded hardware CTF by riscure. It implements a Secure Filesystem which prevents you from readeing files without knowing the correct token for a file.

Explaining what serial is, debugging it with a Saleae Logic Analyzer and figuring out how to talk to the board.

Soldering the arduino board, installing drivers for OSX and flash challenges with avrdude. The CTF will run until the end of February, the other videos will come after that.

This challange was an amazing team effort. There were multiple steps necessary for the solution and different people contributed. The final big challenge was a bash eval injection, but without using any letters or numbers.

Solving the babyfengshui challenge from the 33c3 CTF live on stream.

Easy solution of list0r web challenge from the 33c3ctf thanks to unintended bugs in the challenge.

Solving Eat Sleep Pwn Repeat (ESPR - 150 pwn) challenge from the 33c3ctf. Dumping the binary through a format string vulnerability, leaking libc addresses in the global offset table, finding the matching libc and overwriting [email protected] with system() to get RCE.

Last video from the BRUCON CTF 2016. Covering "Breaking the crypto", "Log Analysis BSQLi" and "Crypto".

Failed challenge that exposed real security issues with an anonymous mail service, and solving "Lockpicking" and "Restricted Access" from the BruCON CTF 2016.

BruCON CTF video write-up: Not all packets, Reverse Beer, Virtual Lockpick

Commented walkthrough of the security CTF Internetwache 2016. Exploitation challenges.

In part 1 we reverse engineered the algorithm, now we implement a radare2 script in python to recover the flag and defeat the encrypted code.

Part 1 is about understanding the algorithm with binary.ninja and gdb. Zwiebel is a reversing CTF challenge with encrypted self-modifying code.

Commented walkthrough of the security CTF Internetwache 2016. Crypto challenges.

Commented walkthrough of the security CTF Internetwache 2016. Web Hacking challenges.

CORRECTION: I explained the stack canary with the `fs` register wrong. The `fs` register has an address and the stack canary is stored at offset +0x28 from that address.

Solving 'teufel' - pwnable 200 from the 32c3ctf. I didn't solve it during the CTF but worked through several writeups and doing some more research. Now that I understood it I recorded solving the challenge and recorded commentary for it.

Video writeup from the EFF-CTF 2016 that was running during Enigma Conference

First 4 levels of: http://pwnable.kr/play.php

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Part 1: reverse engineering the functionality of the cookbook binary with IDA

Search Tags