I wrote a wholllle pile of 101 web challenges this year, which are ultimately going to be adapted for a workshop I’m giving at NorthSec in Montreal next month. I’m not going to spend a ton of time on them, I’ll just give the solutions quickly. As usual, you can find the code and complete solutions on our GitHub repo! And, if these are particularly interesting to you, come see me in Montreal!| SkullSecurity Blog
I wrote a wholllle pile of 101 web challenges this year, which are ultimately going to be adapted for a workshop I’m giving at NorthSec in Montreal next month. I’m not going to spend a ton of time on them, I’ll just give the solutions quickly. As usual, you can find the code and complete solutions on our GitHub repo! And, if these are particularly interesting to you, come see me in Montreal!| SkullSecurity Blog
If you read my bug-me write-up or my Linux process injection blog, you may be under the impression that I’ve been obsessed with the ability of Linux processes to write to their own memory. These challenges are no exception! You can download source and the challenge (including solutions) here (acaan) and here (drago-daction).| SkullSecurity Blog
Every year, I make a list of ideas and it contains the same thing: “process that debugs itself”. It’s from a half-remembered Windows challenge I solved when I was very new to CTFs. I’m obsessed with that concept, having messed with writing debuggers a few times (including Mandrake), and blogging about process injection. You’ll find a few challenges influenced by that those concepts thie yar, but this time we’re gonna look at bug-me. You can download source and the challenge (inclu...| SkullSecurity Blog
Hey all! My husband’s company recently did an internal (commercial) CTF, and as a CTF nerd I got suckered into helping him. I thought one of the challenges had a pretty interesting solution - at least, something I hadn’t done before - and I thought I’d do a little write-up! Because it’s a commercial CTF, I wrote my own vulnerability binary, which you can grab here. It’s much, much simpler, but has all the components I wanted. They also provided libc.so, but since I’m not actually ...| SkullSecurity Blog
This is a write-up for turing-complete, turing-incomplete, and turing-incomplete64 from the BSides San Francisco 2024 CTF! turing-complete is a 101-level reversing challenge, and turing-incomplete is a much more difficult exploitation challenge with a very similar structure. turing-incomplete64 is a 64-bit version of turing-incomplete, which isn’t necessarily harder, but is different. Let’s look at the levels!| SkullSecurity Blog
Slay the Spider is a Minesweeper-like game where the user and computer try to uncover a spider. The challenge name and trappings are based on Slay the Spire, which is one of my favourite games.| SkullSecurity Blog
This is a write-up for Safer Streets. I apparently wrote this in more “note to self” style, not blog style, so enjoy!| SkullSecurity Blog
No Tools is a fairly simple terminal challenge, something for new players to chew on. I suspect there are several different ways to solve it, but the basic idea is to read a file using only built-in functions from sh.| SkullSecurity Blog
The premise of the three challenges cant-give-in, cant-give-in-secure, and cant-give-in-securer are to learn how to exploit and debug compiled code that’s loaded as a CGI module. You might think that’s unlikely, but a surprising number of enterprise applications (usually hardware stuff - firewalls, network “security” appliances, stuff like that) is powered by CGI scripts. You never know! This challenge was inspired by one of my co-workers at GreyNoise asking how to debug a CGI script....| SkullSecurity Blog