Blog

Hack.lu 2013 CTF Write-Up: Robotic Superiority

Help us fight the evil robotic lieutenant Don Sim. He wants to spread robo propaganda to cover his actions on the Oktoberfest. But he needs good video footage for that. So he created an IRC bot that collects information about robots in movies. Robotic emancipation can NOT happen, you have to stop him! All we need is his private key. Our agents located the bot, here is all we know about it:

Server: irc://ctf.fluxfingers.net:1313
Bot: lib[1-5] (load balancer)
Key: /var/private/key.txt

Hint: All available commands are listed with “help”. 3 connections allowed per ip.

Continue reading “Hack.lu 2013 CTF Write-Up: Robotic Superiority”

PhD positions in Computer Science

Ca’ Foscari University of Venice announces 10 PhD positions (6 with scholarship) in Computer Science. The programme is three years long in a context where all the graduate programmes (Master and PhD) are taught in English.

PhD students will have the opportunity to do their work inside the well-established research centres:

  • ACADIA (AdvanCes in Autonomous, DIstributed and pervAsive systems)
  • KIIS (Knowledge, Interaction and Intelligent Systems)

In particular, secgroup@unive proposes PhD research projects on the following topics:

1) Analysis of Security APIs
2) Models and tools for highly secure systems

Research will be done under my guidance in the very stimulating context of secgroup@unive also known as c00kies@venice in hacking competitions. For topic 1 it will be possible a collaboration with the spin-off Cryptosense.

Application deadline is 27th May 2013 – at 12:00 pm (CEST). More information and on-line application available here.

CSAW CTF 2012 write-up: CryptoMat (web400)

Here is the description of the challenge:

http://128.238.66.214/
CryptoMat is a site where you can send encrypted messages to other users. Dog is a user on the site and has the key. Figure out how to get into his account and obtain it.

The first thing we had to do was finding out how the encryption algorithm works. After a few attempts, we discovered that the title wasn’t used for the encryption and that, given a plaintext P and a key k, we have
Continue reading “CSAW CTF 2012 write-up: CryptoMat (web400)”

The “Million Message Attack” in 15,000 Messages

An article on our paper “Efficient Padding Oracle Attacks on Cryptographic Hardware“, to appear at CRYPTO 2012 this August, has been published today on the New-York Times. The news seems to be bouncing back and forth on many blogs, sometimes imprecise and exaggerated. Our FAQ page should clarify any doubt you might have. If you are curious and you don’t want to go through the full paper, Matthew Green’s blog provides a very nice write-up.

PlaidCTF 2012 write-up: The Game

The following description is provided:

Robots enjoy some strange games and we just can’t quite figure this one out. Maybe you will have better luck than us.
23.22.16.34:6969

The game offers a choice between two hex strings asking for the “bigger” one. Anyway, it doesn’t appear to be a way to determine which one is bigger just by looking at the values.
Continue reading “PlaidCTF 2012 write-up: The Game”

Gran: grsecurity analyser

Our paper about automated analysis of grsecurity has been accepted for presentation at IEEE CSF 2012 at the end of June. In the paper we formalize grsecurity semantics and, based on that, we develop a tool that checks for security flaws inside real grsecurity policies. The paper is based on Marco Squarcina’s undergraduate thesis (tesi triennale).

The gran tool (grsecurity analyser) is available for download here.