We participated in the iCTF 2019 and finished 2nd.
Last Friday we took part in this year's iCTF. The theme was "Race Condition", and like last year, the competition was open to everyone and hosted racing cars, err, vulnbox VMs were provided in the cloud 🌩️.
New this year was a combination of Jeopardy challenges and classic Attack/Defense gameplay, "Jeopardy Defense" so to speak. The Jeopardy challenges were demanding by themselves (TI-83+ assembly, anyone?) and could be used to unlock functionality in the AD services. Like with a real car, there is no reset button if you crash it or someone throws forkbombs around - a lot of self-driving, cloud-connected cars were left behind in the dust...
We had a slow start to the race - it certainly did not help that we ran out of disk space on our network share as well as on the vulnbox, at the same time. Ooops, what fun. We even managed to steal a flag for a service - which was promptly disabled for not really being challenging. Later in the game we did a better job at keeping our services up and collecting defense points, steadily inching forward to crawl over the finish line in the 2nd place!
Thanks to Shellphish for organizing the game and to SBA Research for providing a classy hacking location and keeping us steadily supplied with Mate, Beer & Pizza!
Intro Meetup: Attack/Defense
FAUST CTF is coming
Next week, we will participate in FAUST CTF, an online attack-defense CTF. We will meet up at SBA Research and participate together. If you are curious about participating, what CTFs are or what's special about attack-defense CTFs, we are hosting this preparation meetup as part of our weekly CTF/Security meetup series. If you can't make it to the meetup, but still want to participate in the CTF, please contact us. Where: @EI3A, TU Wien (Gußhausstraße 25, 1040...
Intro Meetup: Reversing
Intro to reversing: disassembly/side channels
Where: @EI3A, TU Wien (Gußhausstraße 25, 1040 Wien, 2nd Floor) When: Thursday, 17.05.2018, 17:30 (CEST) What: Intro to Reverse Engineering, disassembly and software side channel attacks...
UCSB iCTF 2017 - yacs
Yet another... cat service?!
yacs is a tool to store and later retrieve text snippets. If you store program source code there, it can even compile it for you! So handy. Of course, everything is protected using state-of-the-art user authorization and password hashing. It's a big C++ compiled binary which uses a local SQLite database file for data storage. Here's a normal create/list paste workflow: ___...