Side-Channel Statistical Analysis

31 Jan 2021
Tags: ctf protocol analysis visualization

Without a good intuition of what packet fields to consider, finding side-channel data in packet captures becomes a bit harder. While Wireshark provides some statistics views to summarize conversations, we may desire to look into other packet details as well...

CTF Writeup - TastelessCTF 2020 - 7/12

06 Oct 2020
Tags: ctf steganography file formats

Introduction: We want to extract our flag from multiple 7zip files, which happen to only contain junk files. When dealing with binary formats, Kaitai Struct provides a mapping from bytes to data structures...

CTF Writeup - CyBRICS 2020 - Hide and Seek

30 Jul 2020
Tags: ctf reversing debugging cryptography

Introduction: An executable with a few interesting twists. I’ve combined static analysis in Ghidra with dynamic analysis in pwndbg to explore an anti-debugging check and self-modifying code hidden in addresses not assigned to a segment...

CTF Writeup - UIUCTF 2020 - Redd's Art

23 Jul 2020
Tags: ctf reversing debugging bruteforce

Introduction: This solution relies on pwndbg to execute relevant functions, while circumventing invalid operations. Although it was possible to solve this task by adapting the decompiled functions, I wanted to investigate an approach that relied less on reimplementing the executable’s code...

CTF Writeup - UIUCTF 2020 - RFCland

20 Jul 2020
Tags: ctf forensics file formats protocol analysis

Introduction: CTF challenges in the forensics category usually deal with several kinds of data representations, from file formats to memory dumps. In this writeup, the goal was to extract the flag from a network capture in the pcap format...

CTF Writeup - rgbCTF 2020 - Advanced Reversing Mechanics 2

15 Jul 2020
Tags: ctf reversing constraint solving

Introduction: CTF challenges in the reversing category can contain complex algorithms that can make it hard to figure out the input (i.e...

Deceitful Zip

29 Sep 2019
Tags: compression cryptography file formats lookup magic visualization

What appeared to be a regular zip file could not be successfully extracted. Each extracted file would be empty or contain junk bytes...

Shell By Mail

28 Aug 2019
Tags: mail virtualization

What if the only way to interact with a remote server were via SMTP? Here’s an attempt at implementing such a system. Keep in mind this is intended as a proof of concept, not for serious usage...

Almost UTF-16

15 Jun 2019
Tags: build tools text encoding file formats

A text file containing some song lyrics ended up having an encoding issue. Analysis: MIME type detection was failing: file -ib lyrics...

Database Tunneling

14 Jun 2019
Tags: networking

In order to run a database client locally, an SSH tunnel was made to a remote host. However, the connection from localhost to the database service was refused, while hosts on the same remote subnet were able to connect...