During the PlaidCTF challenge, there were a couple of binaries which, whilst I had a general idea of how the vulnerability worked, I couldn't complete in time to grab a flag. This has been bugging me since the end of the CTF, so I wanted to revisit one such challenge and see what I was missing. That challenge was "bigpicture". To begin with, you are given a simple description
Read More »This weekend I joined team NeverTry on PlaidCTF. One of the interesting challenges that I attempted was the "no_mo_flo" reverse engineering exercise. The description provided was simple... Can you go with the flow? To begin with, we load the challenge in IDA Pro. After some parsing, we see the first step is to read 0x20 bytes from STDIN
Read More »If there is one thing I've come to appreciate over this past few weeks, it's just how much support you are provided from the Win32 API. That being said, I wanted to tackle some Linux process injection, with the aim of loading a shared object into another process address space without having to resort to LD_PRELOAD, or stopping the process. The goal I set myself was quite simple, could I recover plain text credentials from the sshd process using ptrace. Granted, this is a bit of an arbitrary goa
Read More »As you may have noticed, I've migrated my blog from Tumblr to a shiny Ghost powered engine. While it does feel like I'm leaving the social media buzzword bingo revolution behind, editing on Tumblr wasn't exactly made with lengthy InfoSec posts in mind. Of course, moving to Ghost in my case means provisioning and managing a new server, so I wanted to take some time to document the architecture of my solution incase anyone else is looking to make a similar change in the future. Hosting My hosti
Read More »Of all the BSidesSF CTF challenges, I think this one has to be my favourite. Combining a mix of packet capture analysis, scripting, frustration, and trying to beat the clock. The brief provided by the challenge was quite straight forward
Read More »