Browsing Tag



CSAW. Red Team competition. «Babyrev»

Babyrev is reversing challenge on CSAW «Red team competition» where have to pass 99 rounds of input 4-digits code based on some check function.  Main graph on IDA:  Disassembly of check(): Dump of assembler code for function check: 0x0000000000400893 <+0>: push rbp 0x0000000000400894 <+1>: mov rbp,rsp 0x0000000000400897 <+4>: mov QWORD


Cybercamp 2018 quals: «Oh my G0d!»

Intro As a frequently player on cybergames and ctf’s this year wanted play on prequal of Cybercamp CTF 2018 organized by INCIBE. This allows me to take a snapshot of the maturity and quality of both platforms and challenges, apart from having a good time solving some problems (not always played


n00bs CTF Labs by Infosec Institute

This time InfoSec Institute bring us the opportunity to learn a very basic concepts for n00bs on a CTF with 15 Levels. Level 1 Just browse the source and see the comment. <!– infosec_flagis_welcome –> flag: infosec_flagis_welcome Level 2 Seems we have a broken image here. Just to see binary output


Second NotSoSecure SQLiLab CTF

Dear fellow Hackers!, thanks for signing up for the 2nd SQLiLab CTF. The CTF is now on!. Before you go all out hacking the CTF, here are some rules of the engagement: 1. Strictly no brute-forcing. There is no need to brute-force anything. If we see any excessive brute-forcing attempt,


Mission 1 & Mission 2 Write-Ups – Security-BSides London

Hi all!. Last february i have participated on Security BSides Challenges, here: Yesterday @AlecRWaters contacts me to confirm that we get second position on both challenges. So got a ticket to this  infosec conference. "Hi , I’m delighted to announce that you’ve won second prize in both Challenge 1 and

CTF, Wargame,

ASIS CTF – simple pcap «spcap» writeup

A simple task named spcap (simple pcap). We open it with wireshark and get the Statistics->Conversations. Some SSH, HTTP on it. Apply this filter on HTTP: ip.addr== && tcp.port==52694 && ip.addr== && tcp.port==80 We notice that if we follow TCP stream there’s a GET request file called «/files/flag.jpg», so we