
Kraken - TUCTF
Unleash the Kraken
This post is a write-up for the pwn.hateful challenge in Nullcon Goa HackIM 2025 CTF.
root@72f9eb9e3ebc:/chal/NULLCON/hateful# ./ld-linux-x86-64.so.2 --library-path . ./hateful
My Boss is EVIL!!! I hate my Boss!!! These are things you really want to say to your Boss don't you? well
This post is a write-up for the pwn.hateful2 challenge in Nullcon Goa HackIM 2025 CTF.
root@72f9eb9e3ebc:/chal/NULLCON/hateful2# ./ld-linux-x86-64.so.2 --library-path . ./hateful2
(ASCII-art "HATEFUL" banner printed by the program; not reproducible from the extracted text)
Writeups
By Smallfoot Feb 1, 2025
A CSAW '24 Quals challenge
Maybe next time you should record your music in an acoustically treated space, by slimecat
Plug: This challenge was written for CSAW 2024 qualifiers by a member of NYU's OSIRIS Lab. CSAW is the world's most comprehensive student-run cybersecurity event and it's hosted here
This was the easiest rev challenge in brics+ CTF, hosted by ITMO in Russia with the support of several (as of the time of writing) US-sanctioned Russian companies. The challenge includes two files: exfilter.ko, a kernel module, and exfilter_traff.pcapng, a network capture. Opening exfilter_traff.pcapng
This is the first and easiest challenge in the brics+ CTF, hosted by ITMO in Russia with the support of several (as of the time of writing) US-sanctioned Russian companies. The challenge suggests that you have to send a tiny x86-64 ELF executable which executes /bin/sh or equivalent.
Shellcoding using hash functions! hash-it-0
The hash-it-0 challenge is from DEF CON's 2022 qualification round. It is like a normal shellcoding challenge, but with mild steroids... The challenge involves shellcoding, and we need to encode the shellcode so that the target program will process and execute it. Analysis The challenge
By applying traditional fuzzing techniques, we achieved high-throughput SMT constraint solving, reaching 23 billion execs/s using GPU acceleration. SMT solvers typically apply very complicated algorithms to determine whether a set of constraints is satisfiable (and to produce a solution). The approach that we have taken
This year's CSAW quals was the first time I authored a challenge. The challenge is called krakme, and it was a 200-point rev challenge. You can view the challenge files in the repo here. The idea for this challenge was formed after reading this paper The impact of GPU-assisted
CTF Writeup for DawgCTF 2020: Where we roppin boys?
DawgCTF 2020: Where we roppin boys? (350 points)
* Challenge author: trashcanna
Challenge files can be found here. Overview: The rop program we are presented with is quite simple. main runs the welcome function, then the tryme function. The welcome function mmaps
Vasilisk is a V8 JIT fuzzer that focuses on optimization passes. Background: Fuzzing consists of randomized input generation to automate the process of finding crashes in programs. The probability of finding a crash increases as code coverage in the application increases. In a well-formed fuzzing campaign, test cases are
This post is on how the Ghidra decompiler works, and how to make it work for Go. Part 1 At the time of writing, the most recent major version of Go is Go 1.13 golang.org The most recent major version of Ghidra is Ghidra 9.11 github.com/
This will be part of a multi-part post on Go binaries and reverse engineering them. Part 2 At the time of writing, the most recent major version of Go is Go 1.13 Why Go? Go has been part of a new wave of malware for a variety of reasons.
To learn how tools like IDA work under the hood, and to learn more about binary analysis, I made OBIN (Osiris Binary analysis tool), which does the following: * Parses the ELF file and shows the information in the header * Disassembles the sections which include program code (there is also an
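The first item on that list, reading the ELF header, is where any binary-analysis tool starts. The following is an added example and not OBIN's own code: it decodes the fixed-layout 64-byte ELF64 file header by hand (magic, class, data encoding, then e_type, e_machine, e_entry, e_phoff, e_shoff, e_phnum, e_shnum at their spec-defined offsets) and rejects short buffers, bad magic and 32-bit headers, whose layout differs. The header bytes are constructed for illustration (a hypothetical little-endian x86-64 ET_EXEC with entry 0x401000) and are not taken from any real binary.

```c
/*
 * Added example, not code from OBIN or from the post: a hand-written
 * ELF64 header parser. Sample header bytes are constructed, not real.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct elf_info {
    int      ok;       /* 1 if the buffer holds a well-formed ELF64 header */
    int      little;   /* 1 for little-endian data encoding (EI_DATA == 1) */
    uint16_t type;     /* e_type: 1=REL, 2=EXEC, 3=DYN, 4=CORE */
    uint16_t machine;  /* e_machine: 0x3e = x86-64, 0xb7 = AArch64 */
    uint64_t entry;    /* e_entry: virtual address of the first instruction */
    uint64_t phoff;    /* e_phoff: file offset of the program header table */
    uint64_t shoff;    /* e_shoff: file offset of the section header table */
    uint16_t phnum;    /* e_phnum: number of program headers */
    uint16_t shnum;    /* e_shnum: number of section headers */
};

/* Endian-aware field readers; `le` selects little-endian byte order. */
static uint16_t rd16(const uint8_t *p, int le)
{
    return le ? (uint16_t)(p[0] | p[1] << 8) : (uint16_t)(p[1] | p[0] << 8);
}
static uint32_t rd32(const uint8_t *p, int le)
{
    return le ? (uint32_t)rd16(p, 1) | (uint32_t)rd16(p + 2, 1) << 16
              : (uint32_t)rd16(p + 2, 0) | (uint32_t)rd16(p, 0) << 16;
}
static uint64_t rd64(const uint8_t *p, int le)
{
    return le ? (uint64_t)rd32(p, 1) | (uint64_t)rd32(p + 4, 1) << 32
              : (uint64_t)rd32(p + 4, 0) | (uint64_t)rd32(p, 0) << 32;
}

/* Validate magic/class/encoding, then decode the fixed-offset fields.
 * ELF64 offsets: e_type@16, e_machine@18, e_entry@24, e_phoff@32,
 * e_shoff@40, e_phnum@56, e_shnum@60. Returns ok == 0 on any rejection. */
static struct elf_info parse_elf64_header(const uint8_t *buf, size_t len)
{
    struct elf_info info;
    memset(&info, 0, sizeof info);
    if (len < 64 || memcmp(buf, "\x7f" "ELF", 4) != 0)
        return info;                    /* too short, or wrong magic */
    if (buf[4] != 2)                    /* EI_CLASS: 2 = ELFCLASS64 */
        return info;                    /* ELF32 headers use a different layout */
    if (buf[5] != 1 && buf[5] != 2)     /* EI_DATA: 1 = LSB, 2 = MSB */
        return info;
    info.little  = buf[5] == 1;
    info.type    = rd16(buf + 16, info.little);
    info.machine = rd16(buf + 18, info.little);
    info.entry   = rd64(buf + 24, info.little);
    info.phoff   = rd64(buf + 32, info.little);
    info.shoff   = rd64(buf + 40, info.little);
    info.phnum   = rd16(buf + 56, info.little);
    info.shnum   = rd16(buf + 60, info.little);
    info.ok = 1;
    return info;
}

/* Constructed sample: ELF64, little-endian, x86-64 ET_EXEC, entry 0x401000,
 * one program header at file offset 64, no section headers. */
static const uint8_t sample_ehdr[64] = {
    0x7f,'E','L','F', 2,1,1,0, 0,0,0,0,0,0,0,0,     /* e_ident */
    0x02,0x00,                                    /* e_type = ET_EXEC */
    0x3e,0x00,                                    /* e_machine = EM_X86_64 */
    0x01,0x00,0x00,0x00,                          /* e_version */
    0x00,0x10,0x40,0x00,0x00,0x00,0x00,0x00,      /* e_entry = 0x401000 */
    0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,      /* e_phoff = 64 */
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,      /* e_shoff = 0 */
    0x00,0x00,0x00,0x00,                          /* e_flags */
    0x40,0x00,                                    /* e_ehsize = 64 */
    0x38,0x00,                                    /* e_phentsize = 56 */
    0x01,0x00,                                    /* e_phnum = 1 */
    0x40,0x00,                                    /* e_shentsize = 64 */
    0x00,0x00,                                    /* e_shnum = 0 */
    0x00,0x00,                                    /* e_shstrndx = 0 */
};

int main(void)
{
    struct elf_info i = parse_elf64_header(sample_ehdr, sizeof sample_ehdr);
    if (!i.ok) { puts("not a valid ELF64 header"); return 1; }
    printf("class ELF64, %s-endian\n", i.little ? "little" : "big");
    printf("e_type=%u e_machine=%#x e_entry=%#llx\n", i.type, i.machine,
           (unsigned long long)i.entry);
    printf("e_phoff=%llu e_phnum=%u e_shoff=%llu e_shnum=%u\n",
           (unsigned long long)i.phoff, i.phnum,
           (unsigned long long)i.shoff, i.shnum);
    return 0;
}
```

The length and magic checks come before any field read, so a truncated or non-ELF file cannot cause an out-of-bounds read; a real tool would next use e_phoff/e_phnum and e_shoff/e_shnum to walk the program and section header tables, bounds-checking each offset against the file size the same way.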
The OSIRIS Lab is very happy to welcome two new Hackers in Residence this fall! Nick Gregory, whose contributions as a lab member the past several years have been invaluable, and Alexei Bulazel, whose lectures have been incredibly insightful and forced us to learn. We look forward to working with
Our economy is becoming more specialized and more and more tasks are being automated. We must have confidence in these systems and the technical infrastructure that supports them. However, this confidence relies on too much implicit trust – overlooking serious risks. Assurance in this area is hard won, manual, and costly.
When exploiting a program, there are four primary regions of memory that matter to us: * The program itself * The stack * libc * The heap All of these may be at randomized addresses, but a complex exploit will often need to interact with each of them. So how can we figure
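Before a leak is needed, it helps to see what the randomized layout looks like. The following is an added example, not code from the post: it parses /proc/PID/maps-style lines and records the lowest start address of each of the four regions named above (the binary, the heap, libc, the stack), the same bookkeeping an exploit does once it has a leak from each. The map text is constructed for illustration; the addresses and the binary name "vuln" are hypothetical, not from any real process.

```c
/*
 * Added example, not code from the post: locate the program, heap, libc
 * and stack regions by parsing /proc/<pid>/maps text. The sample map is
 * constructed; addresses and the binary name are hypothetical.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of /proc/<pid>/maps for a hypothetical PIE binary "vuln". */
static const char *sample_maps =
    "55d3a0c00000-55d3a0c01000 r--p 00000000 08:01 1234 /tmp/vuln\n"
    "55d3a0c01000-55d3a0c02000 r-xp 00001000 08:01 1234 /tmp/vuln\n"
    "55d3a0c02000-55d3a0c03000 rw-p 00002000 08:01 1234 /tmp/vuln\n"
    "55d3a2f4b000-55d3a2f6c000 rw-p 00000000 00:00 0 [heap]\n"
    "7f1c3e400000-7f1c3e428000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f1c3e428000-7f1c3e5bd000 r-xp 00028000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f1c3e5bd000-7f1c3e615000 r--p 001bd000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7ffd2b9a0000-7ffd2b9c1000 rw-p 00000000 00:00 0 [stack]\n";

/* Lowest start address seen for each region; 0 means the region was not found. */
struct regions {
    uint64_t prog, heap, libc, stack;
};

/* Parse maps text line by line. `exe` is the basename of the target binary.
 * Each maps line is: start-end perms offset dev inode [path].
 * Returns how many of the four regions were found. */
static int find_regions(const char *maps, const char *exe, struct regions *r)
{
    memset(r, 0, sizeof *r);
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += len + (nl ? 1 : 0);

        unsigned long long start, end;
        char perms[5], path[256] = "";
        /* %*s skips offset, dev and inode; anonymous mappings have no path. */
        if (sscanf(line, "%llx-%llx %4s %*s %*s %*s %255s", &start, &end, perms, path) < 3)
            continue;
        const char *base = strrchr(path, '/');
        base = base ? base + 1 : path;

        uint64_t *slot = NULL;
        if (strcmp(base, exe) == 0)              slot = &r->prog;
        else if (strcmp(path, "[heap]") == 0)    slot = &r->heap;
        else if (strcmp(path, "[stack]") == 0)   slot = &r->stack;
        else if (strncmp(base, "libc.so", 7) == 0 || strncmp(base, "libc-", 5) == 0)
            slot = &r->libc;
        /* A region spans several mappings (r--p, r-xp, rw-p); keep the lowest. */
        if (slot && (*slot == 0 || (uint64_t)start < *slot))
            *slot = (uint64_t)start;
    }
    return (r->prog != 0) + (r->heap != 0) + (r->libc != 0) + (r->stack != 0);
}

int main(void)
{
    struct regions r;
    int n = find_regions(sample_maps, "vuln", &r);
    printf("found %d of 4 regions\n", n);
    printf("program base: %#llx\n", (unsigned long long)r.prog);
    printf("heap base:    %#llx\n", (unsigned long long)r.heap);
    printf("libc base:    %#llx\n", (unsigned long long)r.libc);
    printf("stack base:   %#llx\n", (unsigned long long)r.stack);
    return 0;
}
```

On a live target you do not get to read /proc/self/maps; the same four bases have to be recovered from leaked pointers (a GOT entry for libc, a saved return address for the program, a saved frame pointer for the stack, a freed chunk's fd pointer for the heap), and since each region is randomized independently, one leak never gives you another region's base.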