CSC 04/23 - Hacking the Motherboard - Exploiting implicit trust in all of the forgotten places
Our economy is becoming more specialized and more and more tasks are being automated. We must have confidence in these systems and the technical infrastructure that supports them. However, this confidence relies on too much implicit trust – overlooking serious risks. Assurance in this area is hard won, manual, and costly.
Pivoting Around Memory
When exploiting a program, there’s four primary regions of memory that matter to us:
- The program itself
- The stack
- The heap
Teaser Dragon CTF 2018 AES-128-TSB Write Up
This is a writeup of the AES-128 TSB challenge from Teaser Dragon CTF 2018
A Brief Exploration of CVE-2018-10938
Hey! It’s been a while since our last post, but be on the lookout for drops of CTF writeups, security research project updates, and more.
Hack.lu CTF 2017 Indianer Write Up
This is a writeup of the Indianer challenge from Hack.lu 2017
CSAW CTF 2017 Revisiting Auir
This is a short post to (hopefully) answer some of the questions that I have received about my exploit auir.py and talk about a few interesting things that I have found.
CSAW CTF 2017 Infrastructure Overview
We’ve had a few people ask us over the past couple of years how we deploy CTFd and our challenges to serve the more than 2000 teams we have in CSAW CTF Quals, so here’s a quick post explaining how we do it.