Material

You can find slides, additional material and further readings to accompany our lessons here.

Lesson 0: What is CTF and who is flagbot?

Introductory lesson to CTFs and what our team does.

Slides: lesson0.pdf

Lesson 1: Buffer Overflows [9. March 2020]

How to not infect yourself and pwning your first binary.

Slides: lesson1.pdf

Recording: 1080p 720p 480p

TOC

  • Setting up your environment
  • Buffer Overflows
    • The Stack
    • Overflows
    • ROP

Challenge

Additional Materials

Further Readings

Lesson 2: Exploit Automation [16. March 2020]

Learning python by exploiting C binaries?

Slides: lesson2.pdf

Recording: 1080p 720p 480p

TOC

  • News
  • Previous Challenge
    • Flag 1
    • Flag 2
  • pwntools
    • Basics
    • Tubes
    • Working with Binaries
    • Shellcoding
    • ROP
  • ropper
  • ropium

Challenge

Oh no! Our fibonacci calculator is getting exploited, can you figure out how? I heard it had something to do with negative numbers…

  • Hints: This binary has only readable memory, so you probably want to remove that limit ;) You will probably have to use a sigreturn frame for this, since there are not enough gadgets for all registers. Also, setting rax is gonna require some effort :)
  • Files: babyrop.zip
  • Server: google.jadoulr.tk 42001
  • Author: Robin Jadoul

Further Readings

Lesson 3: Linux Hardening [23. March 2020]

How to defeat Linux once and for all!

Slides: lesson3.pdf

Recording: 1080p 720p 480p

TOC

  • Previous Challenge
  • Exploit Mitigations
    • Data Execution Prevention (DEP)
    • Stack Canary
    • Address Space Layout Randomization (ASLR)
    • General Tips against Randomization
    • Relocation Read-Only (RELRO)
  • Other Tips

Challenge

On the surface this challenge should be very easy to exploit, however, there are some protections…

  • Hints: No hints this time! Please do not run to many concurrent attempts, otherwise the server will be overloaded!
  • Files: protections.zip
  • Server: google.jadoulr.tk 42002
  • Author: Robin Jadoul

Further Readings

Lesson 4: Reversing tools [30. March 2020]

An in-depth look into radare2

Slides: lesson4.pdf

Recording: 1080p 720p 480p

TOC

  • Previous Challenge
  • Radare2 Introduction
    • Installation
    • Useful Commands
    • CTF Tactics

Challenge

  • Hints: No hints, this is not a lame youtube hacking tutorial.
  • Files: revvy.zip
  • Server: N/A
  • Author: Robin Jadoul

Further Readings