Posts

At the meeting of my CTF team I gave a talk about Python jail escapes. I.e., CTF challenges where there is only a very limited execution environment and the goal is to get unrestricted code execution, e.g. executing os.system('cat flag.txt'). While I have the slides, I think reading the blog post on the KITCTF blog with all the examples I wrote for the talk is much more insightful. It is meant to serve as a practice problems for everyone who wants to get started with exploiting Python jails. If you want to see a slightly more complex example of a Python jail escape, check out my other blog post.

Systematization of knowledge in the field of Post-hoc Concept-Based Explanations.

Ghidra is a fairly complex reverse engineering tool, that has a lot of great features, that are not really intuitive to use. This talk was given together with intrigus for our CTF team KITCTF. It touches on many interesting but not easy to use features, specifically:

With my CTF team KITCTF, each semester we do introductory talks about how get started with CTFs. I prepared an introductory talk about reverse engineering, that is meant to provide that absolute basics. You can find the slides here.

Vorlesungszusammenfassung der Vorlesung Rechnerstrukturen am KIT von Prof. Dr. Karl gehalten von Dr. Lars Bauer und Übungen gehalten von Thomas Becker. Die Klausur hat typischerweise einen hohen Anteil an Wissensfragen und die Bearbeitungszeit ist sehr knapp.

Software Engineering 2 (SWT II) is the follow up lecture to Software Engineering 1 and is held by Prof. Dr. Reussner. It focusses on software architecture, quality and development processes. The first part of this post is a lecture summary organized as self test questions for active recall. Bellow there are answers to the learning goals presented in the last lecture.

Imaginary CTF is not your classical weekend CTF. Instead, they have been publishing fun challenges almost every day since April 2021 – pretty impressive. I’ve been solving some of their challenges here and there. This one, from last month, is especially fun. Also I wanted to try a jupyter notebook style write-up. Let me know if this helps comprehension or maybe is too much mixing of code and text.

I talked about how C++ reverse engineering is very different from C reveres engineering. The talk touches on a research project I did at HexHive about a subtopic in that space. However, it is meant as a general introduction. Unfortunately, I can only provide you the slides and not the live demo. These are 2D slides so use n and p to navigate instead of the arrow keys.

This post is about turning a photo of a cat into a photo of a goldfish by changing only one pixel, at least according to resnet50. With Organizers we participated in RCTF during the close race at the end 2022 to be #1 on CTFtime. This literally meant to participate in every high rated CTF and solving every challenge, including the miscy of the misc. The challenge catspy appeared at around 2am in the misc category and the description states: