Last weekend, I played HITCON CTF 2018 for a bit with our spritzers team. I did not have much free time, so I ended up focusing on a single hard challenge: Secret Note (342 points, pwn/crypto). I have been doing pwn for a while, but recently I have also become interested in crypto, so it looked like fun, and indeed it was!
I’m a big fan of American Fuzzy Lop. It’s a robust and effective coverage-guided fuzzer, and it supports a QEMU mode to fuzz closed-source binaries. QEMU mode, however, comes with a significant performance price. Can we make it better?
From the 2nd to the 5th of August 2018, Italian Hacker Camp was held in Padova, Italy. It was an amazing event - I highly recommend my Italian (and not!) fellows to participate. As spritzers, we played and won the internal CTF. Among the challenges I pwned, I particularly enjoyed “The Lollipop Service” - heap exploitation with a custom allocator.
This weekend I was busy playing RCTF 2018 with the mhackeroni team (we qualified for DEFCON last week - super pumped!). I really liked one of the pwnables, “stringer”. It was a heap challenge where I had to force
calloc to not clear a chunk, which I thought was pretty cool.
Hello there, stranger. I’m Andrea, a 22-year-old BSc student in Computer Science at the University of Padova. You can learn more about me in my about page.