CSC 04/23 - Hacking the Motherboard - Exploiting implicit trust in all of the forgotten places

Our economy is becoming more specialized and more and more tasks are being automated. We must have confidence in these systems and the technical infrastructure that supports them. However, this confidence relies on too much implicit trust – overlooking serious risks. Assurance in this area is hard won, manual, and costly.

Pivoting Around Memory

When exploiting a program, there’s four primary regions of memory that matter to us:

  • The program itself
  • The stack
  • libc
  • The heap

Teaser Dragon CTF 2018 AES-128-TSB Write Up

This is a writeup of the AES-128 TSB challenge from Teaser Dragon CTF 2018

A Brief Exploration of CVE-2018-10938

Hey! It’s been a while since our last post, but be on the lookout for drops of CTF writeups, security research project updates, and more.

Hack.lu CTF 2017 Indianer Write Up

This is a writeup of the Indianer challenge from Hack.lu 2017

CSAW CTF 2017 Revisiting Auir

This is a short post to (hopefully) answer some of the questions that I have received about my exploit auir.py and talk about a few interesting things that I have found.

CSAW CTF 2017 Infrastructure Overview

We’ve had a few people ask us over the past couple of years how we deploy CTFd and our challenges to serve the more than 2000 teams we have in CSAW CTF Quals, so here’s a quick post explaining how we do it.

CSAW CTF 2016 Finals Problems repo release

A few weeks ago, we ran the annual CSAW CTF finals round. We’ve released the problems so that anyone can play the problems themselves at home.