This challenge was relatively straightforward, especially given the fact that we have access to the source. {% highlight ruby %} require 'drb/drb' class TimeServer def initialize @flag = "FLAG" end def get_current_time Time.now end end $SAFE = 1 DRb.start_service("druby://0.0.0.
A few weeks ago the CSAW CTF Finals were held at NYU-Poly with 15 finalist teams competing. We're releasing most of the CSAW CTF Finals challenges in VMs for those who were not competing to download and try on their own. CSAW Finals VM - MD5: d13e29da1b3d59a5407fd9dc6e956e4f Brad
After reading through the Mandiant APT1 report detailing the presence of the Advanced Persistent Threat group 1 (APT1) which has been attacking a devastating number of companies and governments around the world a variety of questions come to mind. Considering the amount of time that has passed since Mandiant published
July 5-7 Brooklynt Overflow participated in SIGINT CTF hosted by the good folks over at CCCAC in Germany. Despite the fact that Brooklynt Overflow is not always the most effective team during the summer owing to inability to gather in the same place and the fact this competition was over
PHP strip_tags not a complete protection against XSS" was originally written by Dan Guido when he was a student in the ISIS Lab. On August 13th .mario, a high-profile member of the sla.ckers.org forum, alerted me to a XSS issue on the CSAW registration form. I
This was done while interning at Gotham Digital Science and the original blog post can be found here: http://blog.gdssecurity.com/labs/2013/5/8/writing-an-xss-worm.html User privacy is an increasingly important part of the internet and the social network DIASPORA* prides itself upon the creed that users
For Hack Night, Nitin and I set about teaching students how to read and write x86 assembly. I was tasked with teaching students how to write x86. Naturally, being short on time I decided to cheat by writing some C code, compiling it, and taking a peek at the output
This past weekend, April 19th 2013 in the year of our lord, Brooklynt Overflow assembled to partake in the spectacle of pwning known as PlaidCTF. I'm particularly fond of PlaidCTF because it is the first CTF that I played in as a member of Brooklynt Overflow so many
If you were busy in Cancun over spring break, you missed out on our hardware hacking workshop in the ISIS lab! Hardware hacking is an important area of security research because while vulnerabilities in software and network interfaces have more visibility, vendors of hardware systems typically do not expect attacks
Introduction Last month, Brooklynt Overflow competed in the UCSB iCTF competition. Unlike some of the other competitions we've been playing in lately, this was an attack/defense style competition in which we had a Virtual Machine containing 9 vulnerable services; our goals were to find the vulnerabilities within
We hope you enjoyed our April Fools' Joke! Subscribe to our blog for technical posts on offensive security. Check out our program here. The ISIS Lab has teamed up with Microsoft, Google, Adobe, and Carnegie Mellon University Cylab to fix security. Our distributed static binary analysis whitebox fuzzing sandbox
Just a bit of warning about clang. By the default state the clang compiler does not install stack cookie checks to its function calls. Given a simple function that managers buffers: {% highlight c%} int inner(char * input) { char buf[8]; strcpy(buf, input); return(-0); } int main(int argc, char
