
Security

2023


Python Jail Escapes

At the meeting of my CTF team I gave a talk about Python jail escapes, i.e., CTF challenges where there is only a very limited execution environment and the goal is to get unrestricted code execution, e.g. executing os.system('cat flag.txt'). While I have the slides, I think reading the blog post on the KITCTF blog with all the examples I wrote for the talk is much more insightful. It is meant to serve as practice problems for everyone who wants to get started with exploiting Python jails.

Advanced Ghidra

Ghidra is a fairly complex reverse engineering tool that has a lot of great features that are not really intuitive to use. This talk was given together with intrigus for our CTF team KITCTF. It touches on many interesting but not easy to use features, specifically:

- Importing processor manuals
- Syncing decompiler and debugger
- pcode emulation
- Ghidra scripts in Java, and how one can use Python 3 instead of Python 2.7
- Function signatures, how to use them in static binaries and how they work internally
- Adding custom architectures

The slides should be navigated with n and p instead of the arrow keys, because they are 2D slides.

Introduction to Reverse Engineering

With my CTF team KITCTF, each semester we do introductory talks about how to get started with CTFs. I prepared an introductory talk about reverse engineering that is meant to provide the absolute basics. You can find the slides here.

ImaginaryCTF rrng

Imaginary CTF is not your classical weekend CTF. Instead, they have been publishing fun challenges almost every day since April 2021, which is pretty impressive. I’ve been solving some of their challenges here and there. This one, from last month, is especially fun. I also wanted to try a Jupyter notebook style write-up. Let me know if this helps comprehension or maybe is too much mixing of code and text. The challenge states:

C++ Reverse Engineering

I talked about how C++ reverse engineering is very different from C reverse engineering. The talk touches on a research project I did at HexHive about a subtopic in that space. However, it is meant as a general introduction. Unfortunately, I can only provide you the slides and not the live demo. These are 2D slides, so use n and p to navigate instead of the arrow keys.

One Pixel Adversarial Attack - RCTF catspy

This post is about turning a photo of a cat into a photo of a goldfish by changing only one pixel, at least according to resnet50. With Organizers we participated in RCTF during the close race at the end of 2022 to be #1 on CTFtime. This literally meant participating in every high rated CTF and solving every challenge, including the miscy of the misc. The challenge catspy appeared at around 2am in the misc category and the description states:

2022


Operating System Security Lecture Summary

Lecture summary of the lecture Operating Systems Security, organized with self test toggles. The lecture is concerned with binary exploitation from an offensive as well as a defensive point of view. I can really recommend the lecture if you are interested in modern security mechanisms implemented by operating systems and hardware.

Basic Definitions

What is a vulnerability?

What is the definition of an exploit?

Set-uid-bit: Allows an executable that is owned by the user to use root privileges during execution

What are CTFs?

With my CTF team KITCTF, each semester we do introductory talks about how to get started with CTFs. I gave the introductory talk to the introductory talks, i.e. what even are CTFs?, twice. You can find the slides of the latest iteration on the KITCTF website: Acquiring practical security knowledge through enjoyable hacking challenges. Additionally, I wrote a blog post just listing great materials, updating our last blog post from 2014; looking at it, it might already be time for a slight update.

b01lers CTF resnet Model Inversion

With KITCTF we participated in the b01lers CTF and finished 6th. There were some quite fun challenges, including the resnet challenge, which is a machine learning challenge. I hope to see more machine learning challenges in the future. Challenge description: A naive AI startup released a new visual password system based on State-of-the-Art Neural Network technology. Wanting to save on costs, they reuse the popular Resnet model to create embeddings which input password images are checked against, hoping to leverage the feature extraction capabilities of Resnet.

Insomnihack Teaser 2022: Herald

Read more writeups at kitctf.de. Challenge description: Our lab administrator has just passed out from a strange virus. Please help us find the password to his messaging app so we can identify what he was working on and save his life. We are given an apk (Android Package); starting it, it asks for a username and password to enter. It does not require any network connection, so it is a classical CrackMe.