Ctf-foo

Every two weeks on Saturday from 14:00 - no limit

We'll look at specific topics at each event and maybe play some CTF that is currently running afterwards in order to try out our newly learnt skills.

Topics
Got a topic you'd wish we go over? Put it here:


 * YOUR TOPIC HERE

topics

 * Memory
 * Register
 * "code" (Assembly)
 * Functions (calling conventions)
 * Buffers
 * ... (add stuff here that might fit here)

participants

 * oryon
 * awh4ck3r / keiffrichards@gmail.com
 * Spectranis
 * Lukas
 * @ThisIsM4l1k

topics

 * Syscalls
 * Interrupts
 * Kernel
 * Process
 * Init
 * Boot process
 * Filesystems
 * Permissions
 * Uid, Gid
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE
 * YOUR NAME HERE

topics

 * Recap: functions (calling conventions)
 * Recap: buffers
 * What do we overwrite?
 * What implications can overwriting data have?
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What is shellcode?
 * Why learn to do stuff with it?
 * What can we do with it?
 * What problems might arise?
 * How can we solve the problems that arise?
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * How can information be leaked?
 * Why leak information?
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What is the initial problem leading to us ropping?
 * What is "rop"?
 * Why "rop"?
 * Recap: buffer-overflow
 * Recap: infoleaks
 * How can we leak foo using rop?
 * How can we find more gadgets?
 * How can we pop a shell?
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * Start at 0, what are the problems?
 * What mitigations exist (on a high level)?
 * For each problem, what mitigation solves the problem?
 * How can we bypass the mitigations?
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

Mentors

 * bdgtwy

topics

 * What is reversing?
 * How do we reverse?
 * What tools do we use?
 * What should be looked at in more detail?
 * Qiling
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What primitives exist?
 * How do they work?
 * How to read the "docs" (aka. glibc code)
 * How to inspect the heap
 * Getting comfy with debugging hooks
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What's broken?
 * How do we identify broken stuff?
 * How do we break it?
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What are race conditions?
 * Where do they arise?
 * How can we identify them?
 * How can we exploit them?
 * TOCTOU
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What is fuzzing?
 * Why fuzz stuff?
 * How to fuzz stuff
 * Concept (Mutation, Coverage, Snapshots, ...)
 * Harnessing a target, what to look out for
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What is the kernel?
 * How can we interact with it?
 * What might break?
 * How can we break it?
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What is symbolic execution?
 * Intro: z3
 * Intro: angr
 * Problems: Path explosion
 * ... (add stuff here that might fit here)

participants

 * YOUR NAME HERE

topics

 * What can be automated?
 * What can't be automated? (and why not?)

participants

 * YOUR NAME HERE