Twitter | Pretraživanje | |
Andrea Biondo @ 36C3
Turning drinks into segfaults. MSc student in CS at . CTF player with and .
104
Tweetovi
212
Pratim
950
Osobe koje vas prate
Tweetovi
Andrea Biondo @ 36C3 proslijedio/la je tweet
Andrea Fioraldi 30. pro
was a blast! Here with the crew we are toasting in honor of these amazing 4 days. Cheers to all old and new friends here, see u next year/defcon/somewhere!
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
cts 16. pro
the FORBIDDEN ctf tactics the pros DONT want you to know!
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 27. stu
Odgovor korisniku/ci @blueminimal @SIGFLAG_CTF
They did say "guessing flags" in the blog, and the retweet was talking about probabilities :) but yeah, fair enough.
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 27. stu
Odgovor korisniku/ci @blueminimal
(3) The "not found" response indicates that the fuel ID is not valid, i.e., it wasn't uploaded to the service. Everything points to a check request to NARF! (but not the previous upload request) being accidentally deflected to SIGFLAG.
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 27. stu
Odgovor korisniku/ci @blueminimal
(2) The checker sends random POST data with the flag somewhere in it, and checks that the just-uploaded fuel only returns the new flag. A flag regex on the checker POST data will find the flag, no need for guessing.
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 27. stu
Odgovor korisniku/ci @blueminimal
(1) It's not about the probability of guessing flags. The stuff after ? in the URL is the ID of a "fuel", i.e., a state machine uploaded by the checker that will match a specific flag in the POST data.
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 24. stu
Odgovor korisniku/ci @domenuk @RuCTFE
I understand (I've made this mistake in a challenge for our students), but I'd expect this kind of stuff from a low-level CTF, not RuCTF. Anyway, I guess mock teams?
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 24. stu
Odgovor korisniku/ci @domenuk @RuCTFE
Wow. With all due respect to the author, that's disappointing. I like working on the harder challs, so I spent 90% of the CTF on this. Would've been better to just avoid releasing the service if they didn't have a working exploit.
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 24. stu
I'm still trying to understand how to exploit "engine" from yesterday's . Found the stack overflow, but no leak (collected_pieces was spilled to the stack, so no retaddr LSB overwrite either). Reading short in check_fuel was throwing.
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
mhackeroni 17. lis
3rd place in HITB PRO CTF! GG and thanks for the prize ;)
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 12. lis
Odgovor korisniku/ci @ECSC_Romania @CyberChallengIT
Thanks for the battle! See you next year :)
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
CyberChallengeIT 11. lis
2nd place for Team Italy 🇮🇹 @ !!!!
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 22. ruj
So long since my last blog post... Here's my writeup for Dragon CTF Teaser 2019 "rms" (and "rms-fixed"), enjoy!
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
Matthew Green 15. kol
New talk: we’re talking about device identifiers in Linux and Android that somehow also leak the kernel address in KASLR and thus allows a bypass and I’m just like:
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
Stefan Nagy 14. kol
An awesome thesis ('s) on firmware : "Coverage-guided fuzzing of embedded firmware with avatar". PDF download link:
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
mhackeroni 13. kol
After enough hours of sleep it's time to announce that we got the 5th place at CTF as the best European team! Congrats to PPP () for collecting more black badges this year and hosting us at the after-party, you guys are awesome! 🚩
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
spritzers 13. kol
We survived CTF with the fine chefs of ! 🍝 Crazy nice 5th place this year 🚩 amazing game, thanks & props to the champions
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
mhackeroni 8. kol
Getting ready for the game🚩 Tomorrow is the big day!
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
mhackeroni 4. kol
It's due time to thank all the people that supported our crowdfunding campaign so far :) you can still help us at
Reply Retweet Označi sa "sviđa mi se"
Andrea Biondo @ 36C3 proslijedio/la je tweet
attacus 29. srp
my high school maths teacher always said we needed to memorise things because "you won't carry a calculator around with you in the real world" well JOKE'S ON YOU MRS WALSH not only do I have a smartphone but my friend just emailed me this neat Word doc that opens a calculator
Reply Retweet Označi sa "sviđa mi se"