HITCON CTF 2018 - Secret Note

Writeup for challenge “Secret Note” of HITCON CTF 2018.

Last weekend, I played HITCON CTF 2018 for a bit with our spritzers team. I did not have much free time, so I ended up focusing on a single hard challenge: Secret Note (342 points, pwn/crypto). I have been doing pwn for a while, but recently I have also become interested in crypto, so it looked like fun, and indeed it was!

Improving AFL's QEMU mode performance

Block chaining to the rescue. UPDATED 2018-09-22

I’m a big fan of American Fuzzy Lop. It’s a robust and effective coverage-guided fuzzer, and it supports a QEMU mode to fuzz closed-source binaries. QEMU mode, however, comes with a significant performance price. Can we make it better?

IHC CTF 2018 - The Lollipop Service

Writeup for challenge “The Lollipop Service” of IHC CTF 2018.

From the 2nd to the 5th of August 2018, Italian Hacker Camp was held in Padova, Italy. It was an amazing event - I highly recommend that my Italian (and not!) fellows participate. As spritzers, we played and won the internal CTF. Among the challenges I pwned, I particularly enjoyed “The Lollipop Service” - heap exploitation with a custom allocator.

RCTF 2018 - stringer

Writeup for challenge “stringer” of RCTF 2018.

This weekend I was busy playing RCTF 2018 with the mhackeroni team (we qualified for DEFCON last week - super pumped!). I really liked one of the pwnables, “stringer”. It was a heap challenge where I had to force calloc to not clear a chunk, which I thought was pretty cool.

Hello, world!

Introducing myself.