Skip to main content

Posts

2023


Advanced Ghidra

Ghidra is a fairly complex reverse engineering tool, that has a lot of great features, that are not really intuitive to use. This talk was given together with intrigus for our CTF team KITCTF. It touches on many interesting but not easy to use features, specifically: Importing processor manuals Syncing decompiler and debugger pcode emulation Ghidra scripts in Java, and how you one use python 3 instead of python 2.7 Function signatures, how to use them in static binaries and how they work internally Adding custom architectures The slides should be navigated with n and p instead of arrow keys, because they are 2D slides.

Introduction to Reverse Engineering

With my CTF team KITCTF, each semester we do introductory talks about how get started with CTFs. I prepared an introductory talk about reverse engineering, that is meant to provide that absolute basics. You can find the slides here.

Rechnerstrukturen Vorlesungszusammenfassung

Vorlesungszusammenfassung der Vorlesung Rechnerstrukturen am KIT von Prof. Dr. Karl gehalten von Dr. Lars Bauer und Übungen gehalten von Thomas Becker. Die Klausur hat typischerweise einen hohen Anteil an Wissensfragen und die Bearbeitungszeit ist sehr knapp. Toggle all GrundlagenEinführungZunächst mechanische RechnerPlatz und Komplexität durch Dualsystem deutlich reduziertMoore’s Gesetz Anzahl der Transistoren, die auf einem IC integriert werden können, verdoppelt sich alle 18 Monate. Später angepasst auf alle zwei Jahre.

Software Engineering 2 Lecture Summary

Software Engineering 2 (SWT II) is the follow up lecture to Software Engineering 1 and is held by Prof. Dr. Reussner. It focusses on software architecture, quality and development processes. The first part of this post is a lecture summary organized as self test questions for active recall. Bellow there are answers to the learning goals presented in the last lecture. Design & RealizationClean CodingLehman’s first lawA system that is used will be changed

ImaginaryCTF rrng

Imaginary CTF is not your classical weekend CTF. Instead, they have been publishing fun challenges almost every day since April 2021 – pretty impressive. I’ve been solving some of their challenges here and there. This one, from last month, is especially fun. Also I wanted to try a jupyter notebook style write-up. Let me know if this helps comprehension or maybe is too much mixing of code and text. The challenge states:

C++ Reverse Engineering

I talked about how C++ reverse engineering is very different from C reveres engineering. The talk touches on a research project I did at HexHive about a subtopic in that space. However, it is meant as a general introduction. Unfortunately, I can only provide you the slides and not the live demo. These are 2D slides so use n and p to navigate instead of the arrow keys.

Privacy Enhancing Technologies Summary

PrivacyDefinitionsPrivacy dictionary definitionthe quality or state of being apart from company or observation : seclusion freedom from unauthorized intrusion <one's right to privacy>⇒ right to be let alone CS definition of privacythe claim of individuals … to determine for themselves when, how, and what extent of information about them is communicated to others. ~ Alan Westin (1967)Privacy Sphere modelModelling protection requirements (expectations) of classes of information as concentric circles of decreasing need for protection.

One Pixel Adversarial Attack - RCTF catspy

This post is about turning a photo of a cat into a photo of a goldfish by changing only one pixel, at least according to resnet50. With Organizers we participated in RCTF during the close race at the end 2022 to be #1 on CTFtime. This literally meant to participate in every high rated CTF and solving every challenge, including the miscy of the misc. The challenge catspy appeared at around 2am in the misc category and the description states:

Large Scale Empirical Ethereum Smart Contract Analysis

Abstract Ethereum smart contracts are Turing complete programs that operate on money and derived assets. With a market capitalization in the three digit billions, there is an interest in quantifying their usage. Despite blockchain data being public by design, large scale analysis of smart contracts is technically challenging to do on a large scale. We summarize methods to analyze contract usage on the Ethereum blockchain and categorize the most popular contracts by their application domain and behavior.