CSAW CTF 2015 - Alexander Taylor

The first part of the challenge is to find the initals of the club Alex was in university. Googling “Alexander Taylor Raytheon” brings up his LinkedIn, which shows that he went to the University of South Florida and was president of the Whitehatters Computer Security Club. Using the format: http://fuzyll.com/csaw2015/<initials here> http://fuzyll.com/csaw2015/wcsc is the first part. It says:

CSAW CTF 2015 - airport

Unzipping the airport file, there are two folders. __MACOSX is automatically generated by OSX and it is irrelevant to the challenge. steghide.jpg is compatible with the steghide tool. Identifying the four airports as:

1st: Jose Marti, Cuba
2nd: HongKong, China
3rd: LAX, USA
4th: Toranto Pearson, Canada

The third was difficult to guess because it was in Korean, but there were not many airports in Korea to guess from. However, the blog was speaking of the LAX airport. The fourth was difficult to guess because a reverse image search could not find a result, unlike the other three. Using the highway numbers listed, the airport was found on Google Maps. Enter in the airport codes in consecutive order. steghide extract -p "HAVHKGLAXYYZ" -sf steghide.jpg

CTFd - CTFs as you need them



A few weeks ago the CSAW CTF was run from NYU-Poly and over 2500 teams registered to play.

Build It Break Fix It

These past few weeks, we participated in Build it Break it Fix it. Our team consisted of Ancat, Blankwall, ColdHeat and Kiwi. Contestants were tasked with writing correct, secure and fast code in the Build it round. Next, the Break it round has them looking for bugs and vulnerabilities in other teams’ submissions. Finally, the Fix it round allows teams to unify bugs submissions against their team and gain back points.

Baby's First Heap Exploit - Defcon Quals 2014


The Other Kind of Patch

IDAPython is an IDA plugin which allows Python scripts to access IDA’s API, IDC, and all the modules already in Python. Most importantly, IDAPython allows us to manipulate IDA’s disassembly programmatically without leaving the familiarity of Python.

Aski Olympic CTF 2014 writeup

Brooklynt Overflow recently participated in Olympic CTF finishing in 29th place. This is a write up of the aski challenge.