hack.lu CTF - Challenge 12 WriteUp
Here is the missing Hack.lu CTF write-up for the "seamonster" challenge. It was a Windows reverse engineering challenge, with a nice anti-debugging trick.
The challenge objective is to give "Ring3" the correct password to keep our ship afloat and get the gold ! Let's have a look at the ...read more
Thank you, Mario, but our printSeps() is in another castle!
This post details the way Adobe patched the printSeps() vulnerability in Adobe Reader (CVE-2010-4091). You'll see that the way Adode fixed the vulnerability is quite surprising...
Presentation at Hack.lu: Reversing the Broadcom NetExtreme's firmware
I was giving a talk in October during last hack.lu session. The presentation focuses on the roadmap taken to reverse engineer the Broadcom Ethernet NetExtreme firmware family: building a firmware debugger, instrumentation tools, to finally develop a customized network card firmware.
NetExtreme family cards are the standard range of ...read more
hack.lu CTF - Challenge 21 WriteUp
Guillaume was giving a talk at the Hack.lu 2010 conference in Luxembourg, where we enjoyed to participate to the Capture The Flag. After intense competition against about 70 teams, we finally ended at the 1st place. Congratulations to FluxFingers who organized the CTF and did an impressive work, both ...read more
hack.lu CTF - Challenge 16 WriteUp
We attended Hack.lu this year in Luxembourg. This security conference is really nice and provides a Capture The Flag (CTF) contest organized by FluxFingers, the CTF Team of Ruhr-Universität Bochum (Germany).Here is the write-up of the challenge 16.
We were given a file named secret.pyc containing python ...read more
Protecting against the RDS Linux local root exploit with grsec
On october 19h, Dan Rosenberg, a security researcher at Virtual Security Research LLC, disclosed a flaw in the handling of iovec structures by the rds kernel module (original VSR advisory). Due to the lack of checks, a userland program could directly read or write at arbitrary locations, including inside kernel ...read more
Hack In The Box 2010 - Malaysia
We have 4 open positions for internships:
- Malicious hardware and USB: the purpose is to study the USB protocol and use it on a device (e.g. FPGA) to compromise a target host (Windows, MacOS X, Linux, iOS, Android).
- Distributed brute force cryptanalysis: the candidate will have to develop a ...
An approach to PDF shielding
However while many antivirus vendors ...read more