It’s been so long since I posted something to this blog! Let’s start again with a nice challenge from this weekend’s Dragon CTF Teaser. This web/pwn challenge is named “rms”. It showcases what can happen when you use non-reentrant library functions in a multithreaded application. A “rms-fixed” version was also released a while later to fix an unintended solution.
This week, we spritzers played X-MAS CTF 2018. We enjoyed this week-long event, and took the chance to mix things up a bit (e.g., web guys playing pwn). While I’m mainly a pwner, recently I’ve been getting into crypto. I found “A white rabbit in a snowstorm” to be an interesting challenge. It’s probably trivial for the more experienced crypto guys out there, but I had never broken a (very) weakened DES, so I learnt a few things.
At last year’s Pwn2Win, we (spritzers) were the only team to solve the SGX challenge. We played again this year, getting 6th place. There was another trusted computing challenge (pwn), on TPM 2.0 this time: we kept up the tradition and were the only team to solve it. So here’s a writeup, enjoy :)
This weekend I played Kaspersky Industrial CTF 2018 with spritzers, where we got 7th place. Not bad considering most of us couldn’t play (and I slept way too much :P). I liked “modcontroller”, a pwn challenge worth 994 points in the end. It actually was more of a web challenge than a pwn one, and I enjoyed doing something different than usual.