SecuRT third edition took place last Saturday in Montbéliard. It is a special event that tries to raise awareness about security in computer sciences among students. During the first edition, I participated to their CTF, with jvoisin and rboissat under the name of HackGyver, where we finished first!

Since last year, we decided to organize the challenges for their competition and last week-end, we provided more than 40 different challenges. Now that the event is over, I wanted to review some details here.

Until I write something about the OWASP Winter Code Sprint I did last semester, I want to share a quick thought here:

WAF won't protect you if your application is vulnerable, it is solely a bonus!

The Insomni'hack teaser CTF took place this week-end and xarkes asked me if I wanted to give it a try. Even though I have my exams this week, I thought I could give it a try.

We tried the YNOS Web 100 challenge and we did not even get the flag on time... So infuriating...

But still, we managed to go far and almost get it. Because the challenge was interesting, I wanted to write something about it.

From Tuesday to Thursday, hack.lu 2014 CTF was taking place.

I wished I had more time to spend on the challenges. It could be nice to see this CTF over the weekend. Nevertheless the few challenges I did were fun, as expected from hack.lu.

I spent a couple of hours working on one specific challenge: At Gunpoint reverse engineering (200) and I thought I would do the write-up.

It has been a long time since I didn't write something about re. With the GSoC I mostly wrote python code over the past couple of months.

I want something more low-level now and what is better than some re? Plus, it is a good opportunity to use for the first time this awesome tool jvoisin is always bragging about: radare2!