Expertise gained during Capture The Flag competitions to support the security research community
Initial research and description Baby first was one of the easiest pwn challenges at Insomi’hack CTF 2017 and has been solved by many teams. There was an address ( babyfirst.insomni.hack:2324) and a binary provided in the description. First, let’s check the…
Deep Experiments Deep Experiments was one of the web challenges at Insomi’hack CTF 2017. It has been solved only by two teams (including CodiSec). The location of the flag ( /flag) was written in the description. Recon The challenge was running…
CTF: BITSCTF 2017 Points: 20 Category: Crypto Description Brute and get the base 32 format of flag. encrypted.txt: MZYVMIWLGBL7CIJOGJQVOA3IN5BLYC3NHI This task is worth 20 points, but only 8 teams have solved it during ctf and I really wonder why. Before…
CodiSec’s CTF Team (CS16) has just returned from SECCON finals in Tokyo. They ended up with a very good 6th place leaving many world CTF leaders behind. CodiSec was represented by Marcin Kościelnicki, Borys Popławski, Robert Tomkowski and Krzysztof Zając…
CodiSec’s development team is keeping up the pace! The next step on our journey towards our leading binary data analysis tool has been made – the next monthly release of Veles is now available (also on GitHub: https://github.com/codilime/veles). Main improvements include:…
Veles visualizations are purely statistical representations of binary data. We take a sequence of bytes and visualize correlations between certain values. It doesn’t matter if it’s an executable file, a picture or a disk image – from the perspective of…
This page contains examples of Veles visualization. For explanation on how they actually work check out Binary visualization explained. By testing Veles visualizations on numerous files we found that different types of data look very differently. We can easily notice the differences…
November brought a new success in our intensive CTF work! We took 2nd place at DefCamp! The competition’s finals were held in Bucharest, Romania, during one of CEE’s most significant hacking conferences attended by more than 1,000 IT security specialists.…
CTF: DefCamp CTF Finals 2016 Binary: dctf-2016-exp300 Libc: libc Points: 300 Category: PWN Description ssh user@server get flag TL;DR The program reads string from argv[1] and saves it in two structures on the heap. There is a buffer overflow vulnerability,…
November 8 saw the first public presentation of Veles – our brand-new open-source tool for binary file analysis – at the Security PWNing Conference in Warsaw. Marcin Koscielnicki and Maciej Pytel ran a demo of the new tool in action…