| Tweetovi |
|
hxp
@hxpctf
|
14. sij |
|
Full release of our research paper on executing a "preimage attack" on the MD5 function. hxp.io/blog/70/hxp-36…
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Saar Amar
@AmarSaar
|
12. sij |
|
Checkout @Oranav's great writeup on md15 from #36C3 CTF (@hxpctf - you rock!) - github.com/oranav/ctf-wri….
Interesting point: if we run this on WSLv1, it's immediately fail (due to different behavior in the loader) on the whole point of the chg, revealing everything ;) pic.twitter.com/8sjSUQYosb
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Oran
@Oranav
|
11. sij |
|
I published a write-up for md15 from @hxpctf 36C3 CTF:
github.com/oranav/ctf-wri…
|
||
|
|
||
|
hxp
@hxpctf
|
8. sij |
|
|
||
| hxp proslijedio/la je tweet | ||
|
des
@des0x41
|
8. sij |
|
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Andreas Kling
@awesomekling
|
5. sij |
|
Just got a second exploit and write-up from the @hxpctf CTF! This time from "braindead" 🧠💀
This one combines missing userspace pointer validation in writev() with a TOCTOU in clock_nanosleep(). Great show! 😊👍
github.com/braindead/ctf-…
|
||
|
|
||
|
hxp
@hxpctf
|
4. sij |
|
:)
|
||
|
|
||
|
hxp
@hxpctf
|
4. sij |
|
Thanks for the awesome writeup :)
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Andy
@G33KatWork
|
4. sij |
|
I did a "casual" writeup of the "Token of HXP" challenge I played with @__spq__ at #36C3CTF: github.com/G33KatWork/tok…
/cc @hxpctf
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Andreas Kling
@awesomekling
|
3. sij |
|
In the wake of last week's exploit, I've been auditing the SerenityOS syscalls and found quite a number of terrible and very exploitable bugs. 🐞💣💥
Let me show you some of them!
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Tamir Bahar
@tmr232
|
3. sij |
|
|
||
| hxp proslijedio/la je tweet | ||
|
Disconnect3d
@disconnect3d_pl
|
2. sij |
|
When you include a file inside of a macro invocation, it seems GCC goes into the included file and fails to finish the macro call there. Clang does not have this problem.
Found it during analysis of ctftime.org/writeup/17914 writeup to 36c3 @hxpctf CTF compilerbot challenge pic.twitter.com/zMbbHBnsms
|
||
|
|
||
|
hxp
@hxpctf
|
2. sij |
|
Actually @fktio run the Junior CTF!
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Andreas Kling
@awesomekling
|
1. sij |
|
Some new security mitigations in SerenityOS since yesterday:
SMEP: github.com/SerenityOS/ser…
UMIP: github.com/SerenityOS/ser…
Eager FP restore: github.com/SerenityOS/ser…
No userspace I/O: github.com/SerenityOS/ser…
There's so much to learn here, thanks @hxpctf for kickstarting it! 👨💻🐞🤔
|
||
|
|
||
|
hxp
@hxpctf
|
1. sij |
|
Reminder to report your security findings to this awesome project :) twitter.com/awesomekling/s…
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Harrison Green
@hgarrereyn
|
31. pro |
|
ctf.harrisongreen.me/2019/hxpctf/fl… - Deep dive into a bug in the SSE version of libc's strncpy. Awesome challenge by @hxpctf at #36c3!
|
||
|
|
||
|
hxp
@hxpctf
|
30. pro |
|
Bye bye hxp CTF auto pwner (our monitoring) pic.twitter.com/ZQOHAnm0iH
|
||
|
|
||
| hxp proslijedio/la je tweet | ||
|
Saar Amar
@AmarSaar
|
29. pro |
|
As usual, great challenges at #36c3 CTF! Always fun to find 0days at CTF :P Thanks so much @hxpctf and @pastenctf ! :)
|
||
|
|
||
|
hxp
@hxpctf
|
30. pro |
|
The real token of hxp pic.twitter.com/3jRMGDAPLs
|
||
|
|
||
|
hxp
@hxpctf
|
30. pro |
|
Peek into the load balancer and reset circuit of the Totally not BadUSB challenge pic.twitter.com/60gQHQE11C
|
||
|
|
||