Archive for the ‘Report’ Category

Exploiting a Go Binary

Introduction

Earlier this year, tylerni7 showed us a proof of concept for a 32-bit Go exploit using this issue. geohot and I had a wager over who could get the first remote code execution on play.golang.org: he won, but just barely ;-). Props also to ricky for helping to find the underlying cause and write the patch. Here is a summary of how we did it.

Note: play.golang.org is properly sandboxed, so code execution there does not actually let you do anything. Had this been a more serious bug that could actually be used for anything malicious, we would have reported it and not used it as a CTF problem.

This post is cross-posted from my personal blog; the original post is there.


Pai Mei on Mac OS X 10.8

tl;dr

Pai Mei is an open-source Windows reverse engineering framework. At one point it was ported to Mac OS X, but the project is not very actively maintained and the current instructions are quite lacking. This post hopes to offer some guidance and reduce some of the frustration involved in installing Pai Mei on Mac OS X.


pCTF 2012 Statistics

As many of you know, PPP recently ran its own CTF: PlaidCTF. As running a CTF tends to produce a lot of data, we thought it might be interesting to have a look at some of the statistics related to this data.

Upon first looking at the pCTF data, I was curious about the kinds of problems that were solved: was one category solved noticeably more heavily than another? Furthermore, how well did we do at weighting problems by difficulty?


Securing and Exploiting Go Binaries

Introduction

I have spent some time over the past month or so both trying to use Go binaries in a secure manner and trying to exploit Go binaries, and I thought it would be useful to talk a little bit about my journey.

First, I have been working in Go for about a year now. As part of this year's pCTF, I created a problem that involved exploiting a Go binary (binary and source here). I consequently had to deal with securing the binary to prevent it from leaking unnecessary information, and had some fun playing around with exploiting a Go binary.
