When exploiting a program, there's four primary regions of memory that matter to us: * The program itself * The stack * libc * The heap All of these may be at randomized addresses, but a complex exploit will often need to interact with each of them. So how can we figure
This is a writeup of the AES-128 TSB challenge from Teaser Dragon CTF 2018 Prompt
Hey! It's been a while since our last post, but be on the lookout for drops of CTF writeups, security research project updates, and more. To start off we have a X-Post from ghost's personal blog. The orginal lives here.
This is a writeup of the Indianer challenge from Hack.lu 2017 The challenge was tagged Web/Pwn. Initially, the challenge included a binary and a link to a regular website that had a "super secret" backdoor. After downloading and unzipping, we noticed the .so file header on
This is a short post to (hopefully) answer some of the questions that I have received about my exploit auir.py and talk about a few interesting things that I have found. Why Free? In my exploit, I triggered the double free corruption error instead of allocating another chunk to
We've had a few people ask us over the past couple of years how we deploy CTFd and our challenges to serve the more than 2000 teams we have in CSAW CTF Quals, so here's a quick post explaining how we do it. CTFd First things
A few weeks ago, we ran the annual CSAW CTF finals round. We've released the problems so that anyone can play the problems themselves at home. Check them out here. Thanks to everyone for playing and I hope you're ready for CSAW next year.
Last weekend, we ran the annual CSAW CTF qualification round. After a wonderful competition, we've released all the problems (along with Dockerfiles for deployment) to the public. Check them out here. We're also collecting feedback about the CTF. If you have time, please fill out a
Last year, we had many ctf teams from around the world compete in the annual CSAW CTF. This event is geared toward college undergradates, however it is open to anyone who wishes to play. We’re releasing most of the CSAW CTF challenges in a VM for those who were
We’re given a .tar.xz which contains a partially corrupted git repo. Running git log reveals 4 commits, which all primarily build out one main .c file: commit 4a2f335e042db12cc32a684827c5c8f7c97fe60b Author: sharpturn Date: Sat Sep 5 18:11:05 2015 -0700 All done now! Should calculate the flag..assuming everything
After browsing around the home page of the website given, we notice 2 suspect things: password MD5s are computed client side, and there is a version number at the bottom of the page. After inspecting in chrome dev tools, we see that the version number is dynamically pulled from /.git/
After creating an account on the site and logging in, we notice pretty quickly that trying to set our profile image URL to an invalid URL returns a python error {% highlight python %} Malformed url ParseResult(scheme='', netloc='', path=u'asdf', params='', query=
