This weekend I played Kaspersky Industrial CTF 2018 with spritzers, where we got 7th place. Not bad considering most of us couldn’t play (and I slept way too much :P). I liked “modcontroller”, a pwn challenge worth 994 points in the end. It actually was more of a web challenge than a pwn one, and I enjoyed doing something different than usual.

Last weekend, I played HITCON CTF 2018 for a bit with our spritzers team. I did not have much free time, so I ended up focusing on a single hard challenge: Secret Note (342 points, pwn/crypto). I have been doing pwn for a while, but recently I have also become interested in crypto, so it looked like fun, and indeed it was!

I’m a big fan of American Fuzzy Lop. It’s a robust and effective coverage-guided fuzzer, and it supports a QEMU mode to fuzz closed-source binaries. QEMU mode, however, comes with a significant performance price. Can we make it better?

From the 2nd to the 5th of August 2018, Italian Hacker Camp was held in Padova, Italy. It was an amazing event - I highly recommend my Italian (and not!) fellows to participate. As spritzers, we played and won the internal CTF. Among the challenges I pwned, I particularly enjoyed “The Lollipop Service” - heap exploitation with a custom allocator.

This weekend I was busy playing RCTF 2018 with the mhackeroni team (we qualified for DEFCON last week - super pumped!). I really liked one of the pwnables, “stringer”. It was a heap challenge where I had to force calloc to not clear a chunk, which I thought was pretty cool.