This challenge shares the same source code as the bin2 challenge, but the binary runs in a harder environment:
we need to bypass ASLR, and because of RELRO we can't overwrite the GOT or the .dtors section (both are read-only by the time we get control).
We will bypass those protections using a ROP approach.
Hack.lu 2011 CTF Write-up: Hidden Challenge
There is no description available… but: find the key
No information was given about this challenge, but we immediately found the key inside the scoreboard JavaScript, scoreboard-1.1.js.
Hack.lu 2011 CTF Write-up: Unknown Planet
This week we participated in the Hack.lu 2011 CTF, a Capture-The-Flag event organized by the FluxFingers team at Hack.lu. Even though we were only three, with two other members playing at night, we placed 6th out of more than 100 teams! Congratulations to FluxFingers for the wonderful work; we enjoyed it very much.
This is our first write-up for this CTF, hopefully more will come.
Fire on our servers!
We had a fire in our server rooms and we’ve been offline for a while, but we are finally back!
Thanks to Giovanna, Fabrizio and all the guys working to restore our poor machines.
Try to hack!
As a follow-up to the meetings with high school students, today and two weeks ago, I'm happy to make available the first challenge (in Italian, sorry) on flawed password-protected sites.
Have fun and post your comments!
c00kies@venice got third place in UCSB iCTF
c00kies@venice is our nickname for computer security competitions. Last night, we got third place in UCSB iCTF 2010, the biggest international "Capture The Flag" in the world. This year 72 teams (900 students) from 16 countries competed in the game. It was a great game of hacking and challenge-solving, perfectly organized by Giovanni Vigna at the University of California, Santa Barbara (whom we thank!).
We are very very proud and happy! More information (including pictures) will be soon available, stay tuned!
Lunch Seminar: Attacking and fixing the Microsoft Windows Kerberos login service
Friday 29 October, at 13:00, Tommaso will give a seminar describing the vulnerability we found in the Windows implementation of the Kerberos login service. More information and the full paper can be found here.
Attacking and Fixing PKCS#11 Security Tokens
Tookan is an automated tool for the security analysis of PKCS#11-compliant authentication tokens. In a paper presented today at CCS'10, we show how we used Tookan to reveal secret keys in devices made by Aladdin, Bull, Gemalto, RSA, and Siemens, amongst others. Tookan can also be used to validate patches to the standard, as we demonstrate in our CryptokiX project. Slides from the conference presentation are available, or you can go to the Tookan project website for full details.
This is the result of joint work between Graham Steel (LSV & INRIA) and the Security Group of the Universita’ Ca’ Foscari.
W32.Stuxnet Dossier
You will have heard of this new "virus", written specifically to attack the PLCs used in industrial production. I had wondered how it could work at all, since PLCs are usually proprietary and offline.
This Symantec paper clears things up a bit; the gist comes across even if you only read the Executive Summary. Certainly, building a tool like this requires very specific economic interests behind it.
Some of the "classic" Windows vulnerabilities it uses are also interesting.
Security APIs at FOSAD school
I've just given a course at the FOSAD'10 school, reviewing practical attacks on security APIs and illustrating formal techniques to detect and fix them. The first part of the course focuses on PIN cracking attacks on the Hardware Security Modules (HSMs) used by ATM networks to protect user PINs. The second part focuses on PKCS#11 tokens. I described Tookan, a tool that reverse engineers real cryptographic tokens and performs a formal analysis of the resulting model, finding possible attacks and testing them on the real device (I hope to have a trial version on this site soon). Finally, I illustrated CryptokiX, our security-enhanced software simulator of a PKCS#11 token. Here are the slides: [Part I] [Part II]
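The "formal analysis of the resulting model, finding possible attacks" mentioned in the FOSAD summary and in the Tookan post above, as an added example that is not Tookan's or CryptokiX's code: a deliberately small Python abstraction of PKCS#11 key management. Handles carry a subset of the real attributes (CKA_WRAP, CKA_UNWRAP, CKA_DECRYPT, CKA_SENSITIVE, CKA_EXTRACTABLE, written as plain strings), the attacker is an ordinary caller of C_WrapKey, C_Decrypt, C_UnwrapKey and C_SetAttributeValue who remembers every value the token returns, and a breadth-first search looks for the shortest call sequence that reveals a key marked sensitive. The token configurations, the honoured unwrap templates and the depth bound are constructed assumptions for the example, not devices from the paper; Tookan derives its model from the real token, whereas here the configuration is written by hand.

```python
"""Toy PKCS#11 key-management model searched for key-extraction attacks.

Added example (not Tookan's or CryptokiX's code). Key values are symbolic;
a handle is (key value, attribute set). Terms the attacker may know are
("key", k) for a plaintext key and ("enc", k, term) for term encrypted under k.
"""
from collections import deque

# Unwrap templates the token honours by default (assumption for the example).
TEMPLATES = (frozenset({"decrypt"}), frozenset({"wrap"}))
STRICT_TEMPLATES = (frozenset({"decrypt"}),)

# Constructed token configurations, one (symbolic key, attributes) pair per handle.
WRAP_DECRYPT = [("k1", {"wrap", "decrypt"}), ("k2", {"sensitive", "extractable"})]
WRAP_UNWRAP = [("k1", {"wrap", "unwrap", "extractable"}), ("k2", {"sensitive", "extractable"})]
NONEXTRACTABLE_WRAPKEY = [("k1", {"wrap", "unwrap"}), ("k2", {"sensitive", "extractable"})]


def show(term):
    """Render a symbolic term for the attack trace."""
    return term[1] if term[0] == "key" else f"enc({term[1]}, {show(term[2])})"


def successors(knowledge, handles, settable, templates):
    """Yield (api_call, new_knowledge, new_handles) for every call the attacker can make."""
    for i, (ki, ai) in enumerate(handles):
        if "wrap" in ai:
            # C_WrapKey(h_i, h_j): export key j encrypted under key i.
            for j, (kj, aj) in enumerate(handles):
                ct = ("enc", ki, ("key", kj))
                if "extractable" in aj and ct not in knowledge:
                    yield f"C_WrapKey(h{i}, h{j})", knowledge | {ct}, handles
        for term in knowledge:
            if term[0] != "enc" or term[1] != ki:
                continue
            inner = term[2]
            # C_Decrypt(h_i, ct): the token decrypts a wrapped key like any other data.
            if "decrypt" in ai and inner not in knowledge:
                yield f"C_Decrypt(h{i}, {show(term)})", knowledge | {inner}, handles
            # C_UnwrapKey(h_i, ct, template): import the wrapped key under a new handle
            # whose attributes the caller picks from the honoured templates.
            if "unwrap" in ai and inner[0] == "key":
                for tmpl in templates:
                    new = (inner[1], tmpl)
                    if new not in handles:
                        call = f"C_UnwrapKey(h{i}, {show(term)}, {sorted(tmpl)}) -> h{len(handles)}"
                        yield call, knowledge, handles + (new,)
        # C_SetAttributeValue(h_i, attr=TRUE) for attributes the token lets callers turn on.
        for attr in sorted(settable - ai):
            changed = handles[:i] + ((ki, ai | {attr}),) + handles[i + 1:]
            yield f"C_SetAttributeValue(h{i}, {attr}=TRUE)", knowledge, changed


def find_attack(config, settable=frozenset(), templates=TEMPLATES, max_depth=6):
    """Breadth-first search for the shortest call sequence revealing a sensitive key.

    Returns the list of API calls, or None when no attack exists within max_depth calls.
    """
    handles = tuple((k, frozenset(a)) for k, a in config)
    sensitive = {k for k, a in handles if "sensitive" in a}
    start = (frozenset(), handles)
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        (knowledge, hs), trace = queue.popleft()
        if any(t[0] == "key" and t[1] in sensitive for t in knowledge):
            return trace
        if len(trace) >= max_depth:
            continue
        for call, k2, h2 in successors(knowledge, hs, settable, templates):
            if (k2, h2) not in seen:
                seen.add((k2, h2))
                queue.append(((k2, h2), trace + [call]))
    return None


if __name__ == "__main__":
    cases = [("wrap/decrypt key", WRAP_DECRYPT, TEMPLATES),
             ("extractable wrapping key", WRAP_UNWRAP, TEMPLATES),
             ("non-extractable wrapping key, any template", NONEXTRACTABLE_WRAPKEY, TEMPLATES),
             ("non-extractable wrapping key, decrypt-only template", NONEXTRACTABLE_WRAPKEY, STRICT_TEMPLATES)]
    for name, cfg, tmpls in cases:
        print(f"{name}: {find_attack(cfg, templates=tmpls)}")
```

The first configuration yields the two-call wrap-then-decrypt trace; the second shows that an extractable wrapping key can be re-imported with a decrypt-only template and then used to decrypt its own wrapping output; the third shows that making the wrapping key non-extractable is not enough while the token honours arbitrary unwrap templates, and that the search finds nothing once only decrypt-only templates are honoured. Real tokens also distinguish key types, lengths and mechanisms, and the sensitive/extractable attributes are sticky, none of which this abstraction models; it is the shape of the analysis, not a verdict on any device.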