Dearest Islamic brotherhood, it is with great pleasure that we reveal our true identity as the Cyber Research Institute for the Islamic State of Iraq and Sham (CRIISIS). CRIISIS’ holy cyber mission is to cyber research cyber technology to wage cyber jihad on American infidel #CISSPs. CRIISIS’ greatest cyber research
Brooklynt Overflow recently participated in Olympic CTF finishing in 29th place. This is a write up of the aski challenge. The aski program is a large stripped statically compiled 32 bit elf binary that opens a window and plays a video of a skier performing a trial as a series
For 400 points, Olympic CTF provided the Make Similar challenge. The description was "Listen carefully and try to figure out. Hint: 120 LPM." The link pointed to a stream for an ogg file which played unintelligible beeps and static. The stream has been backed up with the challenge
Brooklynt Overflow Recently Competed in HackIM CTF. This is a writeup of the vuln4 service. The author was kind enough to provide source to this challenge which is nice but ultimately not necessary or terribly helpful. #include #include #include #include #include <sys/types.h> #include <sys/stat.
Brooklynt Overflow Recently Competed in HackIM CTF. This is a writeup of the vuln3 service. Vuln3 is a service exposed to the Internet via xinetd or something similar. It accepts input from you writes it to the stack, parses it and performs actions based on it. It does this until
Exploitation 200 HackIM Triage This challenge gave us a binary called srv2. Running file on the binary we are shown CheckSec revealed there was no NX but we assumed ASLR was enabled on the challenge server. From there we started the binary up and connect to it on localhost port
This challenge was relatively straightforward, especially given the fact that we have access to the source. {% highlight ruby %} require 'drb/drb' class TimeServer def initialize @flag = "FLAG" end def get_current_time Time.now end end $SAFE = 1 DRb.start_service("druby://0.0.0.
A few weeks ago the CSAW CTF Finals were held at NYU-Poly with 15 finalist teams competing. We're releasing most of the CSAW CTF Finals challenges in VMs for those who were not competing to download and try on their own. CSAW Finals VM - MD5: d13e29da1b3d59a5407fd9dc6e956e4f Brad
After reading through the Mandiant APT1 report detailing the presence of the Advanced Persistent Threat group 1 (APT1) which has been attacking a devastating number of companies and governments around the world a variety of questions come to mind. Considering the amount of time that has passed since Mandiant published
July 5-7 Brooklynt Overflow participated in SIGINT CTF hosted by the good folks over at CCCAC in Germany. Despite the fact that Brooklynt Overflow is not always the most effective team during the summer owing to inability to gather in the same place and the fact this competition was over
PHP strip_tags not a complete protection against XSS" was originally written by Dan Guido when he was a student in the ISIS Lab. On August 13th .mario, a high-profile member of the sla.ckers.org forum, alerted me to a XSS issue on the CSAW registration form. I
This was done while interning at Gotham Digital Science and the original blog post can be found here: http://blog.gdssecurity.com/labs/2013/5/8/writing-an-xss-worm.html User privacy is an increasingly important part of the internet and the social network DIASPORA* prides itself upon the creed that users
