Talk

2023


Introduction to V8 JIT Compilation

A talk from ju256 and me about Chrome V8 internals with some case studies of common bugs. While the slides are okay to look at, there is a fair bit of context missing from what we say during the talk. Maybe we will give the talk in a similar form somewhere where it is recorded in the future.

Python Jail Escapes

At the meeting of my CTF team I gave a talk about Python jail escapes, i.e., CTF challenges where there is only a very limited execution environment and the goal is to get unrestricted code execution, e.g. executing os.system('cat flag.txt'). While I have the slides, I think reading the blog post on the KITCTF blog with all the examples I wrote for the talk is much more insightful. It is meant to serve as practice problems for everyone who wants to get started with exploiting Python jails.

Advanced Ghidra

Ghidra is a fairly complex reverse engineering tool that has a lot of great features that are not really intuitive to use. This talk was given together with intrigus for our CTF team KITCTF. It touches on many interesting but not easy to use features, specifically: importing processor manuals; syncing decompiler and debugger pcode emulation; Ghidra scripts in Java, and how you can use Python 3 instead of Python 2.7; function signatures, how to use them in static binaries and how they work internally; adding custom architectures. The slides should be navigated with n and p instead of arrow keys, because they are 2D slides.

Introduction to Reverse Engineering

With my CTF team KITCTF, each semester we do introductory talks about how to get started with CTFs. I prepared an introductory talk about reverse engineering that is meant to provide the absolute basics. You can find the slides here.

C++ Reverse Engineering

I talked about how C++ reverse engineering is very different from C reverse engineering. The talk touches on a research project I did at HexHive about a subtopic in that space. However, it is meant as a general introduction. Unfortunately, I can only provide you the slides and not the live demo. These are 2D slides so use n and p to navigate instead of the arrow keys.

2022


What are CTFs?

With my CTF team KITCTF, each semester we do introductory talks about how to get started with CTFs. I gave the introductory talk to the introductory talks, i.e. what even are CTFs?, twice. You can find the slides of the latest iteration on the KITCTF website: Acquiring practical security knowledge through enjoyable hacking challenges. Additionally, I wrote a blog post just listing great materials, updating our last blog post from 2014; looking at it, it might already be time for a slight update.