-
CrowdStrike Adversary Quest 2021: Write-up
Recently, CrowdStrike Intelligence ran a small CTF for about two weeks with twelve challenges spread over a wide selection of categories. I managed to solve all the challenges and got eighth place. The challenges were of very high quality and I thoroughly enjoyed them so I decided to publish my solutions here. This is not a full write-up with a lot of details but more a short summary of my solution to each problem. The challenges were divided into three storylines, “adversaries” with four challenges each and as such I will structure this post in the same way.
-
SANS Holiday Hack Challange 2020: Writeup
This is my write-up for the SANS Holiday Hack Challenge 2020. There are two types of challenges: the main objectives and the extra terminals. In the game they are interleaved since solving terminals give you hints for the main objectives but here I have separated them into two sections.
-
Exploiting the Starcraft 1 EUD Bug
Starcraft, released in 1998, is still one of the best strategy games ever made. Over 20 years later it still has a strong community and a remastered version was released in 2017 with updated graphics and sound. However, like most software, it has had it fair share of bugs. One of these bugs was an arbitrary read/write vulnerability in the parser for the scripts embedded in the maps of the game. As long as I’ve known about the bug I had assumed it could be used for exploitation but I had never seen a public example of this. Last weekend, I sat down and wrote an exploit myself and also turned this into a challenge for the Midnight Sun CTF 2020 qualifiers. In this first blog post I will go through some background, explain the bug and the exploit I wrote for it. In part two I will explain how I turned this into a CTF challenge and some of the solutions the teams came up with.
-
SecurityFest 2019 - Software Obfuscation with LLVM
At the end of May, I gave a presentation at SecurityFest 2019. I talked about the code obfuscation and how to use the LLVM compiler framework to obfuscate code. The recorded talk is available at the SecurityFest YouTube channel and you can download the slides here.
-
0xFF - Talk and workshop about CTF
Back in April, I gave a presentation and hosted a workshop on CTF at the 0xFF meetup. I talked about what CTFs are, why you should play them and how to get started. At the workshop, the participants got to try some basic CTF challenges from various categories. The recorded talk is available at the 0xFF YouTube channel and you can download the slides (from both the talk and the workshop) here.
subscribe via RSS