Ctf-foo: Difference between revisions

From Chaosdorf Wiki
m (prefixed the dates with "2022-")
(Added some information to each of the events)
Line 9: Line 9:
}}
}}


== ctf foo ==
Alles 2 Wochen Samstag 14:00 - ...
 
== 2022-03-05-ctf-foo-assembly-basics ==
 
* Memory
* Register
* "code" (Assembly)
* Functions (calling conventions)
* Buffers
* ... (add stuff here that might fit here)
 
== 2022-03-19-ctf-foo-linux ==
 
* Syscalls
* Interrupts
* Kernel
* Process
* Init
* Boot process
* Filesystems
* Permissions
* Uid, Gid
* ... (add stuff here that might fit here)
 
== 2022-04-02-ctf-foo-buffer-overflow ==
 
* Recap: functions (calling conventions)
* Recap: buffers
* What do we overwrite?
* What implications can overwriting data have?
* ... (add stuff here that might fit here)
 
== 2022-04-16-ctf-foo-shellcode ==
 
* What is shellcode?
* Why learn to do stuff with it?
* What can we do with it?
* What problems might arise?
* How can we solve the problems that arise?
* ... (add stuff here that might fit here)
 
== 2022-04-30-ctf-foo-infoleaks ==
 
* How can information be leaked?
* Why leak information?
* ... (add stuff here that might fit here)
 
== 2022-05-14-ctf-foo-rop ==
 
* What is the initial problem leading to us ropping?
* What is "rop"?
* Why "rop"?
* Recap: buffer-overflow
* Recap: infoleaks
* How can we leak foo using rop?
* How can we find more gadgets?
* How can we pop a shell?
* ... (add stuff here that might fit here)
 
== 2022-05-28-ctf-foo-mitigations ==
 
* Start at 0, what are the problems?
* What mitigations exist (on a high level)?
* For each problem, what mitigation solves the problem?
* How can we bypass the mitigations?
* ... (add stuff here that might fit here)
 
== 2022-06-11-ctf-foo-reversing ==
 
* What is reversing?
* How do we reverse?
* What tools to we use?
* What should be looked at in more detail?
* Qiling
* ... (add stuff here that might fit here)
 
== 2022-06-25-ctf-foo-heap-basics ==
 
* What primitives exist?
* How do they work?
* How to read the "docs" (aka. glibc code)
* How to inspect the heap
* Getting comfy with debugging hooks
* ... (add stuff here that might fit here)
 
== 2022-07-09-ctf-foo-heap-techniques ==
 
* What's broken?
* How do we identify broken stuff?
* How do we break it?
* ... (add stuff here that might fit here)
 
== 2022-07-23-ctf-foo-race-conditions ==


Alles 2 Wochen Samstag 14:00 - ...
* What are race conditions?
* Where do they arise?
* How can we identify them?
* How con we exploit them?
* TOCTOU
* ... (add stuff here that might fit here)
 
== 2022-08-06-ctf-foo-fuzzing ==
 
* What is fuzzing?
* Why fuzz stuff
* How to fuzz stuff
* Concept (Mutation, Coverage, Snapshots, ...)
* Harnessing a target, what to look out for
* ... (add stuff here that might fit here)
 
== 2022-08-20-ctf-foo-kernel-security ==
 
* What is the kernel?
* How can we interact with it?
* What might break?
* How can we break it?
* ... (add stuff here that might fit here)
 
== 2022-09-03-ctf-foo-symbolic-execution ==
 
* What is symbolic execution?
* Into: z3
* Intro: angr
* Problems: Path explosion
* ... (add stuff here that might fit here)
 
== 2022-09-17-ctf-foo-automated-program-analysis ==


* 2022-03-05-ctf-foo-assembly-basics
* What can be automated?
* 2022-03-19-ctf-foo-linux
* What can't be automated? (and why not?)
* 2022-04-02-ctf-foo-buffer-overflow
* 2022-04-16-ctf-foo-shellcode
* 2022-04-30-ctf-foo-rop
* 2022-05-14-ctf-foo-infoleaks
* 2022-05-28-ctf-foo-mitigations
* 2022-06-11-ctf-foo-reversing
* 2022-06-25-ctf-foo-heap-basics
* 2022-07-09-ctf-foo-heap-techniques
* 2022-07-23-ctf-foo-race-conditions
* 2022-08-06-ctf-foo-fuzzing
* 2022-08-20-ctf-foo-kernel-security
* 2022-09-03-ctf-foo-symbolic-execution
* 2022-09-17-ctf-foo-automated-program-analysis
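Review bot: three typos in the added bullet lines carry over into the new revision. In the reversing section, "What tools to we use?" should read "What tools do we use?". In the race-conditions section, "How con we exploit them?" should read "How can we exploit them?". In the symbolic-execution section, "Into: z3" should read "Intro: z3" to match "Intro: angr" on the following line.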

Revision as of 20:57, 21 February 2022

CTF foo
Capture The Flag foo
Type Meet-Up
Date every other Saturday
Start 14:00
Host hanemile
Relevant? Yes

Every 2 weeks on Saturday, 14:00 - ...

2022-03-05-ctf-foo-assembly-basics

  • Memory
  • Register
  • "code" (Assembly)
  • Functions (calling conventions)
  • Buffers
  • ... (add stuff here that might fit here)

2022-03-19-ctf-foo-linux

  • Syscalls
  • Interrupts
  • Kernel
  • Process
  • Init
  • Boot process
  • Filesystems
  • Permissions
  • Uid, Gid
  • ... (add stuff here that might fit here)

2022-04-02-ctf-foo-buffer-overflow

  • Recap: functions (calling conventions)
  • Recap: buffers
  • What do we overwrite?
  • What implications can overwriting data have?
  • ... (add stuff here that might fit here)

2022-04-16-ctf-foo-shellcode

  • What is shellcode?
  • Why learn to do stuff with it?
  • What can we do with it?
  • What problems might arise?
  • How can we solve the problems that arise?
  • ... (add stuff here that might fit here)

2022-04-30-ctf-foo-infoleaks

  • How can information be leaked?
  • Why leak information?
  • ... (add stuff here that might fit here)

2022-05-14-ctf-foo-rop

  • What is the initial problem leading to us ropping?
  • What is "rop"?
  • Why "rop"?
  • Recap: buffer-overflow
  • Recap: infoleaks
  • How can we leak foo using rop?
  • How can we find more gadgets?
  • How can we pop a shell?
  • ... (add stuff here that might fit here)

2022-05-28-ctf-foo-mitigations

  • Start at 0, what are the problems?
  • What mitigations exist (on a high level)?
  • For each problem, what mitigation solves the problem?
  • How can we bypass the mitigations?
  • ... (add stuff here that might fit here)

2022-06-11-ctf-foo-reversing

  • What is reversing?
  • How do we reverse?
  • What tools do we use?
  • What should be looked at in more detail?
  • Qiling
  • ... (add stuff here that might fit here)

2022-06-25-ctf-foo-heap-basics

  • What primitives exist?
  • How do they work?
  • How to read the "docs" (aka. glibc code)
  • How to inspect the heap
  • Getting comfy with debugging hooks
  • ... (add stuff here that might fit here)

2022-07-09-ctf-foo-heap-techniques

  • What's broken?
  • How do we identify broken stuff?
  • How do we break it?
  • ... (add stuff here that might fit here)

2022-07-23-ctf-foo-race-conditions

  • What are race conditions?
  • Where do they arise?
  • How can we identify them?
  • How can we exploit them?
  • TOCTOU
  • ... (add stuff here that might fit here)

2022-08-06-ctf-foo-fuzzing

  • What is fuzzing?
  • Why fuzz stuff
  • How to fuzz stuff
  • Concept (Mutation, Coverage, Snapshots, ...)
  • Harnessing a target, what to look out for
  • ... (add stuff here that might fit here)

2022-08-20-ctf-foo-kernel-security

  • What is the kernel?
  • How can we interact with it?
  • What might break?
  • How can we break it?
  • ... (add stuff here that might fit here)

2022-09-03-ctf-foo-symbolic-execution

  • What is symbolic execution?
  • Intro: z3
  • Intro: angr
  • Problems: Path explosion
  • ... (add stuff here that might fit here)

2022-09-17-ctf-foo-automated-program-analysis

  • What can be automated?
  • What can't be automated? (and why not?)