Category: BSides San Francisco (2023)
BSidesSF 2023 Writeups: too-latte (medium-difficulty Java exploitation)
too-latte is a challenge I wrote based on CVE-2023-0669, which is an unsafe
deserialization vulnerability in Fortra’s GoAnywhere MFT software. I modeled
all the vulnerable code off, as much as I could, that codebase. It’s obviously
themed quite differently.
BSidesSF 2023 Writeups: ROP Petting Zoo (educational challenge!)
ROP Petting Zoo is a challenge designed to teach the principles of
return-oriented programming. It’s mostly written in JavaScript, with a backend
powered by a Ruby web server, along with a tool I wrote called Mandrake. Source
code is shared between the three parts of the challenge, and is available here.
BSidesSF 2023 Writeups: overflow (simple stack-overflow challenge)
Overflow is a straight-forward buffer overflow challenge that I copied from
the Hacking: Art of Exploitation examples CD.
I just added a flag. Full source is here.
BSidesSF 2023 Writeups: id-me (easy file identification challenge)
id-me is a challenge I wrote to teach people how to determine file types
without extensions. My intent was to use the file command, but other solutions
are absolutely possible!
BSidesSF 2023 Writeups: Get Out (difficult reverse engineering + exploitation)
This is a write-up for three challenges:
They are somewhat difficult challenges where the player reverses a network
protocol, finds an authentication bypass, and performs a stack overflow to
ultimately get code execution. It also has a bit of thematic / story to it!
BSidesSF 2023 Writeups: Flat White (simpler Java reversing)
This is a write-up for flat-white and flat-white-extra-shot, which are easier
Java reverse engineering challenges.