blog.dragonsector.pl
Dragon Sector: RuCTF 2014 Quals - TLS (Crypto 300)
http://blog.dragonsector.pl/2014/03/ructf-2014-quals-tls-crypto-300.html
Monday, March 10, 2014. RuCTF 2014 Quals - TLS (Crypto 300). The task consisted of a 19kB pcap file with a single complete TLS conversation between a client and an HTTPS server (using DHE RSA), and a rather laconic description - "just break TLS". Well, since you asked…. 0000000: 4469 4865 2031 3333 3720 3133 3337 2031 DiHe 1337 1337 1 0000010: 3333 3720 3133 3337 2031 3333 3720 3133 337 1337 1337 13. Since that looks very non-random, perhaps the client exponent is easy to figure out? What it needs is a S...
2016.confidence.org.pl
CONFidence 2016 - Krakow, Hotel Forum
http://www.2016.confidence.org.pl/faq-uczestnicy
TWO FOR ONE PREREGISTRATION. Where the conference is located? CONFidence takes place in Forum Hotel, Krakow (Marii Konopnickiej 28). Where can I park my car? Parking is available at the conference venue. You need to pay for the parking separately by means of the entrance tickets. If you make a purchase in Forum Przestrzenie, your receipt will be stamped and you will be able to use the car park free of charge. How can I register? You can also collect your ID later (also at the registration stand). Lunch w...
blog.dragonsector.pl
Dragon Sector: January 2014
http://blog.dragonsector.pl/2014_01_01_archive.html
Tuesday, January 28, 2014. PHDQuals 2014 - miXer. The task consisted solely of a 32-bit executable provided by the organizers [0]. Once we loaded it into IDA, we could see the most interesting part (main function) did not look like valid x86 code:. Obviously, we had to fix it. Since the name of challenge was miXer, we thought we probably had to xor it with some key to obtain the original code. We could guess correct the first bytes based on the opcodes of a typical function prologue:. And " push edi.
blog.dragonsector.pl
Dragon Sector: October 2014
http://blog.dragonsector.pl/2014_10_01_archive.html
Tuesday, October 14, 2014. ASIS CTF Finals 2014 - Ultra Secure (Crypto 400). The server welcomed us with the following message:. What's the name of this cryptosystem? The answer is "Paillier" ( https:/ en.wikipedia.org/wiki/Paillier cryptosystem. It's a public-key cryptosystem, which has an interesting property - it's homomorphic. I'll explain this term in a moment, after we see what we need to solve the challenge. After solving the riddle, the server sends a secret (same value for every connection):.
blog.dragonsector.pl
Dragon Sector: 31C3 CTF - Mynx (Pwn 30)
http://blog.dragonsector.pl/2015/01/31c3-ctf-mynx-pwn-30.html
Monday, January 19, 2015. 31C3 CTF - Mynx (Pwn 30). After selecting this challenge we were welcomed by a rather laconic description:. Once connected to the service, we were greeted by the following menu:. It appeared to be some kind of a storage service for ASCII art. We could upload ASCII arts, add comments and apply filters. After fuzzing the input for a while we didn’t discover anything useful, so it was time to look inside the executable. Its C representation looks something like that:. It was just a...
blog.dragonsector.pl
Dragon Sector: June 2014
http://blog.dragonsector.pl/2014_06_01_archive.html
Tuesday, June 10, 2014. Update: Dragon Sector wins the PHDays CTF Finals 2014! Three weeks ago, the Dragon Sector team represented by j00ru. By the way. In this post, we would like to tell you the story of the finals as seen by the members of DS. Photo by tylerni7 / PPP. The three services we found inside the Linux VM were:. A simple Python bot for the Cheat. Holynet): a web service written in .NET and ran using Mono, with no source code or other information initially available. Photo by tylerni7 / PPP.
blog.dragonsector.pl
Dragon Sector: March 2014
http://blog.dragonsector.pl/2014_03_01_archive.html
Tuesday, March 25, 2014. Exploits for recent pwning CTF tasks published. During the run time of any jeopardy CTF, I ( j00ru. Am always looking for pwning. Without further ado, the exploits are as follows:. Ghost in the Shellcode (2014). Exploitation 600, with gynvael). Olympic CTF Sochi (2014). Boston Key Party CTF (2014). Exploitation 100, with redford). Exploitation 600, with mak). Monday, March 24, 2014. Insomni'hack CTF 2014 - Life is even harder (Hardware, 400 points 600 point bonus). Nicolas, the a...
blog.dragonsector.pl
Dragon Sector: April 2015
http://blog.dragonsector.pl/2015_04_01_archive.html
Thursday, April 23, 2015. The CONFidence Teaser CTF takes place this weekend! This is just a short reminder that the CONFidence Teaser CTF. Organized by Dragon Sector will take place this weekend, and more specifically starting 25 April 2015, 10:00 CEST until 26 April 2015, 10:00 CEST. The registration has just started at the event's website, https:/ ctf.dragonsector.pl/. And will stay open all throughout the game. A quick rundown on the basic information is as follows:. 25 April 2015, 10:00 CEST. Withou...
blog.dragonsector.pl
Dragon Sector: December 2014
http://blog.dragonsector.pl/2014_12_01_archive.html
Tuesday, December 30, 2014. 31C3 CTF - Nokia 1337 (Pwn 30). Here you are, playing a CTF with you mates in Hamburg. You notice there's a new task, “ Nokia 1337. Enter the trilogy: pwn this phone. Please use only the qemu provided. Remote instance requires proof of work: nc 188.40.18.78 1024. Connect locally via telnet to localhost:10023 after qemu booted completely. You download the image, fire it up in Qemu and. See the phone boot up on http:/ q3k.org/nokiaboot.webm. In hand, you give it a shot. The R...
SOCIAL ENGAGEMENT