How NOT to solve FlareOn Level 6 with symbolic execution

Level 6 of FlareOn 2018 was a challenge involving having to solve 666 similar crackmes. After looking a bit at the problem, I realized it would be a fun challenge to actually solve with symbolic execution using angr and a bit of Binary Ninja. By “fun”, I mean waiting 28 hours to actually receive the flag.

»
Author's profile picture Cory Duplantis on reverse

FlareOn 2018 Level 5 - Solving WebAssembly Crackme (Part II - Wasabi)

Level 5 of FlareOn 2018 was a WebAssembly crackme challenge where we were handed a compiled wasm file and told to extract the password. Here we will look into two different ways of solving this challenge: ReCompilation to x86 (previous blog post) and using a new dynamic-analysis framework called Wasabi (this blog post).

»
Author's profile picture Cory Duplantis on reverse

FlareOn 2018 Level 5 - Solving WebAssembly Crackme (Part I - Recompilation and Chrome)

Level 5 of FlareOn 2018 was a WebAssembly crackme challenge where we were handed a compiled wasm file and told to extract the password. Here we will look into two different ways of solving this challenge: ReCompilation to x86 (this blog post) and using a new dynamic-analysis framework called Wasabi (next blog post).

»
Author's profile picture Cory Duplantis on reverse

SANS HolidayHack 2016 Full Writeup

Another year has past, which means the SANS HolidayHack is in full swing. This year, many new technologies were used, which were a blast to dig into. This writeup dives into each challenge and the methodology used to solve it. A summary of the story this year is below

»
Author's profile picture Cory Duplantis on pwn

CSAW Quals 2016 Pwn 500 - Mom's Spaghetti

Let’s take a look at the moms spaghetti from CSAW Quals 2016. This solution was a collaboration between @thebarbershopper, @jduck, and @WanderingGlitch. For those that want to play along at home, you can build your own server to throw against by the following:

»
Author's profile picture Cory Duplantis on pwn

Whitehat - pwn3 - readfile

Let’s take a look at the pwn3 challenge from WhiteHat 2016.

»
Author's profile picture Cory Duplantis on pwn

Internetwache RE60 Writeup: Symbolic Execution for the win

(This challenge was performed entirely in EpicTreasure. If you don’t want to setup the tools listed in this writeup, simply install EpicTreasure and you are off to the races. Also, mirrored from my Praetorian post)

»
Author's profile picture Cory Duplantis on re and angr

Pwning Gnomes: CounterHack HolidayHack 2015 Writeup

It is that time of year again! Time for the HolidayHack presented by CounterHack! This one is going to be fairly long, but boy are there a lot of cool challenges here. Everything from network forensics, web, image forensics, and even a pwnable.

»
Author's profile picture Cory Duplantis on CTF, pcap, pwn, and web

CMU Binary Bomb meets Symbolic Execution and Radare

Symbolic execution has been a topic I have been meaning to jump into for a few months. Today we will look at how to apply symbolic execution to the Carnegie Melon Binary Bomb lab.

»
Author's profile picture Cory Duplantis on ctf, python, symbolic, execution, reverse, and radare

Voice Robot plays Keep Talking and Nobody Explodes

Here is the video of my voice activated robot Bombly dominating Hardcore in the game Keep Talking and Nobody Explodes.

»
Author's profile picture Cory Duplantis on python, voice, and robot

HITCON - PhishingMe

Sent me a .doc, I will open it if your subject is "HITCON 2015"!
Find the flag under my file system. 
p.s. I've enabled Macro for you. ^_________________^
phishing.me.hitcon.2015@gmail.com.
»
Author's profile picture Cory Duplantis on ctf and phishing

Vulnhub - Brainpan3

Brainpan3 is a typical boot2root VM that we boot and attempt to gain root access. This one is a bit long, but I hope it is entertaining and informative. Strap in!

»
Author's profile picture Cory Duplantis on boot2root and Pwnable

MMACTF 2015 - Moneygame

We are presented with a stock market game. We have to time the market just right in order to get 10x our initial cash pile. Psh.. easy peasy

»
Author's profile picture Cory Duplantis on CTF and Pwnable

SaintCon 2015 PreCTF - 4

``` – CIPHERTEXT – AEBRVHWWMQHURVWFFIKVYFUCDG To Decrypt this Message, you will need to learn how a US President encrypted messages while in Paris France.

»
Author's profile picture Cory Duplantis on CTF and Programming

HouSecCon 2015 August Pre-CTF

```

  • thebarbershopper has joined the channel
»
Author's profile picture Cory Duplantis on CTF and Web