Friday, January 14, 2011

ShmooCon CTF Warmup Contest - JavaScrimpd

Last weekend was the ShmooCon CTF Warmup Contest (aka Ghost in the Shellcode 2011). There were three challenges, the last one being an ELF binary plus the hostname of a server.

Congrats to awesie/zoaedk & tylerni7 of team PPP for solving it pretty quickly. And since they explained the level pretty well, I really invite you to read their solution.

Thursday, January 13, 2011

Some news...

Recently I've been playing with gdb 7.2 and Python. It extends what we can have with a great .gdbinit such as gdbinit73. As examples, read the following articles presenting some of the features, or just browse the Python API offered by gdb. A good introduction to gdb and Python is also this article by sha on Nibbles blog (English here).

Last weekend, nice challenges were given to win a ticket for the ShmooCon security conference later this month. Congrats to awesie/zoaedk & tylerni7 of team PPP for solving #3 (see their writeup), a cool network binary involving JS code, a stack-based buffer overflow and some memory leak. I was neither fast nor good enough but learned a lot!

Speaking of which, get ready for Paradox Conference this weekend in Korea: they provide an online CTF contest, which should be challenge-based like defcon quals.
Update: this weekend there is also Wargame SbD I, organized by our Spanish friends at Security by Default (SbD). Unlike Padocon, there is a nice prize (an Amazon gift card which is worth an iPad). Thanks @aramosf for reminding me.

Rediscovered Ubuntu's security features. Ptrace scope, for instance, protects against same-user ptrace calls that peek into another process's memory.

Made a very small to patch a binary from a DIF file produced by IDA. Did not find any better method to do that :/
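A patcher of this kind, as an added example (not the author's tool): it assumes the usual DIF layout of one "offset: original patched" hex line per changed byte, and it checks each original byte before writing so that a DIF applied to the wrong file or build is rejected. The names parse_dif and apply_dif and the sample DIF text and bytes are constructed for illustration.

```python
import re
import sys

# Assumed DIF layout: header text, the target file name, then one
# "OFFSET: ORIGINAL PATCHED" line per changed byte, all values in hex.
DIF_LINE = re.compile(r"^([0-9A-Fa-f]+):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})$")

def parse_dif(text):
    """Return a list of (file_offset, original_byte, patched_byte)."""
    changes = []
    for line in text.splitlines():
        m = DIF_LINE.match(line.strip())
        if m:  # header, file name and blank lines do not match
            changes.append(tuple(int(g, 16) for g in m.groups()))
    return changes

def apply_dif(data, changes, revert=False):
    """Return patched bytes; refuse if any byte differs from what the DIF expects."""
    out = bytearray(data)  # work on a copy so a failed check leaves data untouched
    for offset, old, new in changes:
        if revert:
            old, new = new, old
        if offset >= len(out):
            raise ValueError(f"offset {offset:#x} is past the end of the file")
        if out[offset] != old:
            raise ValueError(
                f"byte at {offset:#x} is {out[offset]:#04x}, expected {old:#04x}")
        out[offset] = new
    return bytes(out)

# Constructed sample input (not from a real binary or a real IDA session).
SAMPLE_DIF = """This difference file has been created by IDA

sample.bin
00000004: 74 EB
00000009: 01 00
"""
SAMPLE_BIN = bytes.fromhex("5589e58574059090b801")

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: patch.py input.bin changes.dif output.bin
        with open(sys.argv[1], "rb") as f, open(sys.argv[2]) as d:
            patched = apply_dif(f.read(), parse_dif(d.read()))
        with open(sys.argv[3], "wb") as f:
            f.write(patched)
    else:
        print(apply_dif(SAMPLE_BIN, parse_dif(SAMPLE_DIF)).hex())
```

Passing revert=True to apply_dif swaps the two byte columns, which restores the original file from a patched one.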

Also, 27c3 was great. And I love Berlin :)

Last but not least, hacky new year!