m (→2022-03-05-assembly-basics: Removed the "YOUR NAME HERE" participant) |
|||
Line 63: | Line 63: | ||
* {{U|ytvwld}} | * {{U|ytvwld}} | ||
* | * Lukas | ||
== 2022-04-02-buffer-overflow == | == 2022-04-02-buffer-overflow == |
Revision as of 12:40, 19 March 2022
CTF foo | |
---|---|
Capture The Flag foo | |
Art | Meet-Up |
Datum | every other saturday |
Start | 14:00 |
Host | hanemile |
Relevant? | Yes |
Every two weeks on Saturday from 14:00 - no limit
We'll look at specific topics at each event and maybe play some CTF that is currently running afterwards in order to try out our newly learnt skills.
Topics
Got a topic you'd wish we go over? Put it here:
- YOUT TOPIC HERE
2022-03-05-assembly-basics
Mentors
topics
- Memory
- Register
- "code" (Assembly)
- Functions (calling conventions)
- Buffers
- ... (add stuff here that might fit here)
participants
- oryon
- awh4ck3r / keiffrichards@gmail.com
- Spectranis
- Lukas
- @ThisIsM4l1k
2022-03-19-linux
Mentors
topics
- Syscalls
- Interrupts
- Kernel
- Process
- Init
- Boot process
- Filesystems
- Permissions
- Uid, Gid
- ... (add stuff here that might fit here)
participants
- ytvwld
- Lukas
2022-04-02-buffer-overflow
Mentors
topics
- Recap: functions (calling conventions)
- Recap: buffers
- What do we overwrite?
- What implications can overwriting data have?
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-04-16-shellcode
Mentors
topics
- What is shellcode?
- Why learn to do stuff with it?
- What can we do with it?
- What problems might arise?
- How can we solve the problems that arise?
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-04-30-infoleaks
Mentors
topics
- How can information be leaked?
- Why leak information?
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-05-14-rop
Mentors
topics
- What is the initial problem leading to us ropping?
- What is "rop"?
- Why "rop"?
- Recap: buffer-overflow
- Recap: infoleaks
- How can we leak foo using rop?
- How can we find more gadgets?
- How can we pop a shell?
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-05-28-mitigations
Mentors
topics
- Start at 0, what are the problems?
- What mitigations exist (on a high level)?
- For each problem, what mitigation solves the problem?
- How can we bypass the mitigations?
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-06-11-reversing
Mentors
- hanemile
- bdgtwy
topics
- What is reversing?
- How do we reverse?
- What tools to we use?
- What should be looked at in more detail?
- Qiling
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-06-25-heap-basics
Mentors
topics
- What primitives exist?
- How do they work?
- How to read the "docs" (aka. glibc code)
- How to inspect the heap
- Getting comfy with debugging hooks
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-07-09-heap-techniques
Mentors
topics
- What's broken?
- How do we identify broken stuff?
- How do we break it?
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-07-23-race-conditions
Mentors
topics
- What are race conditions?
- Where do they arise?
- How can we identify them?
- How con we exploit them?
- TOCTOU
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-08-06-fuzzing
Mentors
topics
- What is fuzzing?
- Why fuzz stuff
- How to fuzz stuff
- Concept (Mutation, Coverage, Snapshots, ...)
- Harnessing a target, what to look out for
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-08-20-kernel-security
Mentors
topics
- What is the kernel?
- How can we interact with it?
- What might break?
- How can we break it?
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-09-03-symbolic-execution
Mentors
topics
- What is symbolic execution?
- Into: z3
- Intro: angr
- Problems: Path explosion
- ... (add stuff here that might fit here)
participants
- YOUR NAME HERE
2022-09-17-automated-program-analysis
topics
- What can be automated?
- What can't be automated? (and why not?)
participants
- YOUR NAME HERE