BlahCats Blog

Tales of a binary encoded life...

FlareOn 4 WriteUps

Published by hugsy, on 13 October 2017, under ctf

This year, I happened to finally have a chance to be in a good position to play Flare-On CTF, a yearly CTF published by FireEye. This year’s edition offered 12 reverse-engineering challenges to solve …

Insomni'Hack CTF 2017: bender_safer

Published by hugsy, on 26 January 2017, under ctf

Insomni’Hack CTF 2017 offered a series of 3 challenges (i.e. 3 different flags) on the same binary, called bender_safe: bender_safe was a Reversing challenge (50 pts) to discover the correct validati…

ARMPWN redux: canary reloaded

Published by hugsy, on 24 January 2017, under ctf

TL;DR: It is possible to defeat stack canary protection when a binary is vulnerable to arbitrary file read. Intro First off, Happy New Year 2017 ✌ Recently, I’ve decided to thoroughly investigate the…

TWCTF 2016 - reverse_box writeup

Published by hugsy, on 6 September 2016, under ctf

The reverse_box challenge of TWCTF 2016 was a warmup challenge (only 50 points), not really hard. There are plenty of writeups for it, but none of them used the technique I used to solve it in only a …

ARMPWN challenge write-up

Published by hugsy, on 13 June 2016, under ctf, research

Info A few weeks ago, I came across a GitHub repository created by @5aelo for people wanting to have a bit of ARM fun. I had recently spent some time adding new features and perfecting old ones…

DEFCON CTF 2016 - heapfun4u

Published by hugsy, on 24 May 2016, under ctf

Info The vulnerable file was given with the following instructions: Guess what, it is a heap bug So yes, we’ll be dealing with some heap fun. gef➤ !file ./heapfun4u ./heapfun4u: ELF 64-bit LSB execu…

DEFCON CTF 2016 - feedme

Published by hugsy, on 23 May 2016, under ctf

Info The vulnerable file was given with the instructions: Don't forget to feed me http://www.scs.stanford.edu/brop/ Here is some info given by gef: gef➤ !file ./feedme ./feedme: ELF 32-…

ASIS CTF 2016 - feap write-up

Published by hugsy, on 9 May 2016, under ctf

Info As usual, the vulnerable file is here gef➤ !file ./feap ./feap: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.…

HITB 2016 - Bakery write-up

Published by hugsy, on 1 April 2016, under ctf

I participated in HITB Teaser CTF only to have a bit of fun with their pwnable challenge(s), which I usually find fun and instructive. The teaser only offered one pwnable challenge, named bakery. Info …

VolgaCTF 2016 - Web of Science

Published by hugsy, on 28 March 2016, under ctf

Info gef➤ !file ./web_of_science ./web_of_science: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1…