Return of the Penguin – BSides London 2016 [Part 1]

–[ Introduction ]

Hello all! It has been some time since my last post, so I thought I’d write about something fun that I came across!

Return of The Penguin is the first reversing challenge from B-Sides London 2016, brought to us by the creator of last year’s Toxic PDF. In this challenge we are given an unknown binary and a number of guiding questions to answer!

Penguins, can't trust them!
Penguins, can’t trust them!

Continue reading “Return of the Penguin – BSides London 2016 [Part 1]”

Advertisements
Return of the Penguin – BSides London 2016 [Part 1]

Challenges.re #14 – JVM/.Net Assembly

-[ Introduction ]

This is a very quick post about a challenge I just solved and found interesting. It’s a Java “what’s this code doing?” type of challenge, and since I haven’t touched Java bytecode in a while I thought I’d give it a go!

The original challenge can be found here, and many many more can be found here!

Continue reading “Challenges.re #14 – JVM/.Net Assembly”

Challenges.re #14 – JVM/.Net Assembly

DefendIO Android Crackmes – Jumbled

–[ Introduction ]

It has been some time since I’ve posted anything, so I thought I’d look at the Android crackmes posted by DefendIO (link)! The link to the crackmes has got a number of challenges, of different levels. There are a lot of starter challenges (level 1), a level 2 and a level 4 challenge!

This is the writeup of the level 2 challenge, called ‘jumbled cme’!

Continue reading “DefendIO Android Crackmes – Jumbled”

DefendIO Android Crackmes – Jumbled

9447 CTF 2015 – Real Flag Finder (70)

Introduction
Hello all, it has been a while and I haven’t published something in a month, so here’s a little something! A had some time to spare and worked on a challenge from 9447 2015!

This was a straightforward reverse engineering task where We’re given the binary and are asked to find a flag, for 70 points!

Continue reading “9447 CTF 2015 – Real Flag Finder (70)”

9447 CTF 2015 – Real Flag Finder (70)

Handy File Transfer Technique

Introduction

Contrary to this blog’s usual material, this time I want to write about a quick technique I found to work pretty well today for transferring files between two hosts using the xxd and hexdump utilities!

I needed to use this technique as part of a pentest, as the host was a bit limited on the tools on the box. The prerequisites for this to happen are a page with a file inclusion vulnerability (preferably remote) and for the PHP configuration to not have turned off the system function.

Continue reading “Handy File Transfer Technique”

Handy File Transfer Technique

Entry Language – DefCamp CTF Quals 2015 (RE100)

–[ Introduction ]

Hello all! It has been a while since I wrote anything so I thought I’d write about a quick challenge I solved for DefCamp qualifiers 2015. Unfortunately I had only a few hours to spare, so I only managed to solve exploit1 and re1.

This was also a really good opportunity to get my PIN-fu in action, as I’ve been wanting for a while to fire a PINtool at something!

Continue reading “Entry Language – DefCamp CTF Quals 2015 (RE100)”

Entry Language – DefCamp CTF Quals 2015 (RE100)