V8, the JavaScript engine, is largely undocumented. An important source for understanding V8 is its design documents. To the best of my knowledge, there is no index of all design docs. I made an attempt to create at least a partial index, i.e. all design docs I know of. It is not limited to design docs in the strict sense; it is more like “Google Docs with details about V8 development”.
This is the current state of it.
Python jail escapes have evolved into their own CTF category over the past years. I recently gave a talk and wrote a blog post for my CTF team, where I give an introduction to the topic and show some classical examples.

At the CSAW CTF finals I played with team polyflag. Overall the CTF was pretty mid, with a lot of guessing and an unacceptable required VPN setup, where we had to install some random VPN client on our machines (with sudo curl .
This is the second part of my adoption of …ing the technical interview, a blog series by Aphyr about writing programs in funny, non-standard ways.

Again this is a writeup of a CTF challenge I created. Specifically, the dive in the lake challenge of LakeCTF, organized by the CTF team of EPFL, polygl0ts.
Since the last technical interview in Java was apparently not enough to get me hired as a performance engineer, I need to go to the binary level.
I really like the blog series …ing the technical interview from Aphyr. Besides the humor, I enjoy seeing Turing completeness in parts of systems that many people use but that were not designed to write entire programs in.
I speak little Norwegian and I can’t write anything as funny as the original. But I write CTF challenges from time to time. CTF reverse engineering challenges are the perfect place for implementing such weird things and getting the joy of many people trying to figure it out.
This is a writeup of an easy/medium pwn challenge called “Profile” featuring a type confusion, some GOT overwriting, and a funny but unnecessary one gadget exploit for the fun of it.
We are given the following files:
main.c
profile (binary)
Dockerfile
docker-compose.yml

Let’s look at main.c and see if we can spot a vulnerability from the provided source code.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

struct person_t {
    int id;
    int age;
    char *name;
};

void get_value(const char *msg, void *pval) {
    printf("%s", msg);
    if (scanf("%ld%*c", (long*)pval) !
Solution to the Cyber Security Rumble Finals challenge simple-asm.
The challenge is straightforward. It defines a custom set of instructions that get translated directly to x64 instructions and are then executed at a fixed offset in a no-PIE binary. The translation lacks checks, so that the instructions do more than they appear to at first sight when specific higher registers are used.
This is the provided challenge source code, which is also what runs on the remote instance:
Lecture summary of the Rechnerstrukturen lecture at KIT by Prof. Dr. Karl, given by Dr. Lars Bauer, with exercises given by Thomas Becker. The exam typically has a high proportion of knowledge questions and the time allowed is very tight.
Fundamentals
Introduction
Initially mechanical computers
Space and complexity greatly reduced by the binary system
Moore’s Law: the number of transistors that can be integrated on an IC doubles every 18 months. Later adjusted to every two years.
Software Engineering 2 (SWT II) is the follow-up lecture to Software Engineering 1 and is held by Prof. Dr. Reussner. It focuses on software architecture, quality and development processes. The first part of this post is a lecture summary organized as self-test questions for active recall. Below there are answers to the learning goals presented in the last lecture.
Design & Realization
Clean Coding
Lehman’s first law: A system that is used will be changed
Imaginary CTF is not your classical weekend CTF. Instead, they have been publishing fun challenges almost every day since April 2021, which is pretty impressive. I’ve been solving some of their challenges here and there. This one, from last month, is especially fun. Also I wanted to try a Jupyter notebook style write-up. Let me know if this helps comprehension or maybe is too much mixing of code and text.
The challenge states: