Skip to main content
  1. Categories/

Talk

2023


Introduction to V8 JIT Compilation

A talk from ju256 and me about Chrome V8 internals with some case studies of common bugs. While the slides are okay to look at, there is a fair bit of context missing from what we say during the talk. Maybe we will give the talk in a similar form somewhere where it is recorded in the future.

Python Jail Escapes

At the meeting of my CTF team I gave a talk about Python jail escapes. I.e., CTF challenges where there is only a very limited execution environment and the goal is to get unrestricted code execution, e.g. executing os.system('cat flag.txt'). While I have the slides, I think reading the blog post on the KITCTF blog with all the examples I wrote for the talk is much more insightful. It is meant to serve as a practice problems for everyone who wants to get started with exploiting Python jails.

Advanced Ghidra

Ghidra is a fairly complex reverse engineering tool, that has a lot of great features, that are not really intuitive to use. This talk was given together with intrigus for our CTF team KITCTF. It touches on many interesting but not easy to use features, specifically: Importing processor manuals Syncing decompiler and debugger pcode emulation Ghidra scripts in Java, and how you one use python 3 instead of python 2.7 Function signatures, how to use them in static binaries and how they work internally Adding custom architectures The slides should be navigated with n and p instead of arrow keys, because they are 2D slides.

Introduction to Reverse Engineering

With my CTF team KITCTF, each semester we do introductory talks about how get started with CTFs. I prepared an introductory talk about reverse engineering, that is meant to provide that absolute basics. You can find the slides here.

C++ Reverse Engineering

I talked about how C++ reverse engineering is very different from C reveres engineering. The talk touches on a research project I did at HexHive about a subtopic in that space. However, it is meant as a general introduction. Unfortunately, I can only provide you the slides and not the live demo. These are 2D slides so use n and p to navigate instead of the arrow keys.

2022


What are CTFs?

With my CTF team KITCTF each semester we do introductory talks about how to get started with CTFs. I gave the introductory talk to the introductory talks, i.e. what even are CTFs?, twice. You can find the slides of the latest iteration on the KITCTF website: Acquiring practical security knowledge through enjoyable hacking challenges. Additionally, I wrote a blog post just listing great materials, updating our last blog post from 2014, looking it might already be time for a slight update.