Wachter Space 🚀

Posts

2022


Operating System Security Lecture Summary

Lecture summary of the lecture Operating Systems Security, organized with self test toggles. The lecture is concerned with binary exploitation from an offensive as well as a defensive point of view. I can really recommend the lecture if you are interested in modern security mechanisms implemented by operating systems and hardware. Basic Definitions: What is a vulnerability?

b01lers CTF resnet Model Inversion

With KITCTF we participated in the b01lers CTF and finished 6th. There were some quite fun challenges, including the resnet challenge, which is a machine learning challenge. I hope to see more machine learning challenges in the future. Challenge description: A naive AI startup released a new visual password system based on State-of-the-Art Neural Network technology. Wanting to save on costs they reuse the popular Resnet model to create embeddings which input password images are checked against hoping to leverage the feature extraction capabilities of Resnet.

Self Test Questions Data Science I

Answers to self test questions for the lecture “Data Science I” at KIT. If you spot any errors, write me an e-mail or Discord message. Lecture 1: Introduction. Give examples of applications of clustering. Customer groups clustered based on bought products; unsupervised malware family identification; outlier detection. Describe a scenario from natural sciences, in which classification is useful: What are the attributes/class?

Self Test Questions Machine Learning

Self test questions for the lecture “Machine Learning - Foundations and Algorithms” at KIT. Lecture 3: Model Selection. Why is it a bad idea to evaluate your algorithm on the training set? Evaluating on the training set rewards overfitting. Overfitting means learning training points by heart, instead of approximating the distribution the training points were drawn from. A trivial algorithm that just stores and queries all training points has 100 % accuracy on the training set.

Insomnihack Teaser 2022: Herald

Read more writeups at kitctf.de. Challenge description: Our lab administrator has just passed out from a strange virus. Please help us find the password to his messaging app so we can identify what he was working on and save his life. We are given an apk (Android Package). On starting it, it asks for a username and password to enter. It does not require any network connection, so it is a classical CrackMe.

2021


hxp CTF: shitty blog

Read more writeups at kitctf.de. Challenge description: Please use my shitty blog 🤎! We are given a docker container running php. The only notable things about it are that there is a readflag binary on the server and that the webroot is /var/www/html. Other than that, only index.php is interesting: <?php // TODO: fully implement multi-user / guest feature :( $secret = 'SECRET_PLACEHOLDER'; $salt = '$6$'.substr(hash_hmac('md5', $_SERVER['REMOTE_ADDR'], $secret), 16).

Self Test Questions Entrepreneurship

Self test questions for the lecture entrepreneurship at KIT.

hack.lu CTF 2021 Writeups

Tenbagger. Challenge description: I think I took it too far and made some trades and lost everything. My only chance to fix my account balance is a tenbagger. We are given a pcap and open it in Wireshark. It contains a lot of what looks like normal web browsing. But somewhere in there are a few FIX messages. FIX is the Financial Information eXchange protocol. First, I thought that we need to get the credentials from the FIX login, but there are no such packets.

ASIS CTF 2021 Writeups

These are writeups for the first CTF I participated in during a weekend. Before that I only solved some picoctf and Google Beginners quest challenges after the events. I played with KITCTF, the CTF team of the Karlsruhe Institute of Technology. Factory. Challenge description: In the simplest terms, factory misco-graphy is the ratio of output to input! The challenge file is only one pdf. Opening it only shows the text “Real-World Misco-graphy”.

Lecture Notes: Contract Drafting (Vertragsgestaltung) at KIT

Lecture notes for the lecture Contract Drafting (Vertragsgestaltung) at KIT, which is given by attorney Stephan Leipert as a guest lecturer. Also check out his YouTube channel. Markus Bilz has also published lecture notes on his website. I answered the review questions in another post. General. Exam on 23.09.2021 12:00. Knowledge questions + cases (40/60). Cases do not necessarily have to be written in expert-opinion style (Gutachtenstil), but good structure. Laws: BGB; HGB/GmbHG towards the end, but will be printed in the statute. Literature (for further study, not mandatory): Schmittat, Einführung in die Vertragsgestaltung; Moes, Grundlagen der Vertragsgestaltung; Aderhold/Koch/Lenkaitis, Vertragsgestaltung. Slides will be on the attorney's homepage with a password, a different one each time. Overview lecture, no details. Slides on website 1.