Security

With my CTF team KITCTF, each semester we do introductory talks about how get started with CTFs. I prepared an introductory talk about reverse engineering, that is meant to provide that absolute basics. You can find the slides here.

Imaginary CTF is not your classical weekend CTF. Instead, they have been publishing fun challenges almost every day since April 2021 – pretty impressive. I’ve been solving some of their challenges here and there. This one, from last month, is especially fun. Also I wanted to try a jupyter notebook style write-up. Let me know if this helps comprehension or maybe is too much mixing of code and text. The challenge states:

I talked about how C++ reverse engineering is very different from C reveres engineering. The talk touches on a research project I did at HexHive about a subtopic in that space. However, it is meant as a general introduction. Unfortunately, I can only provide you the slides and not the live demo. These are 2D slides so use n and p to navigate instead of the arrow keys.

This post is about turning a photo of a cat into a photo of a goldfish by changing only one pixel, at least according to resnet50. With Organizers we participated in RCTF during the close race at the end 2022 to be #1 on CTFtime. This literally meant to participate in every high rated CTF and solving every challenge, including the miscy of the misc. The challenge catspy appeared at around 2am in the misc category and the description states:

Lecture summary of the lecture operation systems security, organized with self test toggles. The lecture is concerned with binary exploitation from an offensive as well as a defensive point of view. I can really recommend the lecture, if you are interested in modern security mechanisms implemented by operating systems and hardware. Basic DefinitionsWhat is a vulnerability?What is the definition of an exploit? Set-uid-bitAllows an executable, that is owned by the user, to use root privileges during execution

With my CTF team KITCTF each semester we do introductory talks about how to get started with CTFs. I gave the introductory talk to the introductory talks, i.e. what even are CTFs?, twice. You can find the slides of the latest iteration on the KITCTF website: Acquiring practical security knowledge through enjoyable hacking challenges. Additionally, I wrote a blog post just listing great materials, updating our last blog post from 2014, looking it might already be time for a slight update.

With KITCTF we participated in the bo01lers CTF and finished 6th. There were some quite fun challenges. Including the resnet challenge, which is a machine learning challenge. I hope to see more machine learning challenges in the future. Challenge description: A naive AI startup released a new visual password system based on State-of-the-Art Neural Network technology. Wanting to save on costs they reuse the popular Resnet model to create embeddings which input password images are checked against hoping to leverage the feature extraction capabilities of Resnet.

Read more writeups at kitctf.de Challenge description: Our lab administrator has just passed out from a strange virus. Please help us find the password to his messaging app so we can identify what he was working on and save his life. We are given an apk (Android Package) starting it, it asks for username and password to enter. It does not require any network connection, so it is a classical CrackMe.

Read more writeups at kitctf.de Challenge description: Please use my shitty blog 🤎! We are given a docker container running php. The only notable things about it, is that there is a readflag binary on the server and that the webroot is /var/www/html. Other than that only index.php is interesting: <?php // TODO: fully implement multi-user / guest feature :( $secret = 'SECRET_PLACEHOLDER'; $salt = '$6$'.substr(hash_hmac('md5', $_SERVER['REMOTE_ADDR'], $secret), 16).'$'; if(! isset($_COOKIE['session'])){ $id = random_int(1, PHP_INT_MAX); $mac = substr(crypt(hash_hmac('md5', $id, $secret, true), $salt), 20); } else { $session = explode('|', $_COOKIE['session']); if( !

Tenbagger #Challenge description: I think I took it too far and made some trades and lost everything. My only chance to fix my account balance is a tenbagger. We are given a pcap and open in Wireshark. It contains a lot of what looks like normal web browsing. But somewhere in there are a few FIX messages. FIX is the Financial Information eXchange protocol. First, I thought that we need to get the credentials from the FIX login, but there are no such packages.