SecuRT 2015 Retrospective

Published on Monday, 16 March 2015 in Security; tagged with security, ctf, challenges, securt, tous, pirates

The third edition of SecuRT took place last Saturday in Montbéliard. It is a special event that tries to raise awareness about security in computer science among students. During the first edition, I participated in their CTF with jvoisin and rboissat under the name HackGyver, and we finished first!

SecuRT 2015 CTF

Since last year, we decided to organize the challenges for their competition, and last weekend we provided more than 40 different challenges. Now that the event is over, I wanted to review some details here.


WAF is a curse

Published on Saturday, 21 February 2015 in Security; tagged with security, waf, xss, html5

Until I write something about the OWASP Winter Code Sprint I did last semester, I want to share a quick thought here:

A WAF won't protect you if your application is vulnerable; it is solely a bonus!


Insomni'Hack 2015 YNOS - web100

Published on Monday, 12 January 2015 in CTF, Security; tagged with insomnihack, teaser, ctf, write-up, web, 100, challenge, security, blind, sqli, read, file, rce

The Insomni'hack teaser CTF took place this weekend and xarkes asked me if I wanted to give it a try. Even though I have my exams this week, I thought I could give it a try.

We tried the YNOS Web 100 challenge and we did not even get the flag in time... So infuriating...

But still, we managed to go far and almost get it. Because the challenge was interesting, I wanted to write something about it.

2k14 At Gunpoint - re200

Published on Thursday, 23 October 2014 in CTF, Security, Reverse Engineering; tagged with, ctf, write-up, reverse, 200, challenge, security, radare2, gameboy, rom, bgb, hackgyver

From Tuesday to Thursday, 2014 CTF was taking place.

I wished I had more time to spend on the challenges. It could be nice to see this CTF over the weekend. Nevertheless the few challenges I did were fun, as expected from

Gunpoint Home Screen

I spent a couple of hours working on one specific challenge: At Gunpoint reverse engineering (200) and I thought I would do the write-up.


Let's try Radare2

Published on Friday, 22 August 2014 in Reverse Engineering; tagged with reverse, radare2, r2, challenge, ctf

It has been a long time since I wrote something about RE. With the GSoC, I mostly wrote Python code over the past couple of months.

I want something more low-level now, and what is better than some RE? Plus, it is a good opportunity to use, for the first time, this awesome tool jvoisin is always bragging about: radare2!

License WTFPL2