I had a great time playing quals this year with Shellphish. I usually try to write full-length stories for my writeups (see my blog archives for a few), but this one will be a bit less complete for time reasons.
Are you hearing what I’m hearing?
HOST: echoid-7xf5f2sbdofl6.shellweplayaga.me
PORT: 1337
Files:
- echoid
- fingerprints.db
$ nc echoid-7xf5f2sbdofl6.shellweplayaga.me 1337
Ticket please: ticket{redacted}
Send us your song to be identified
asdf
ERROR: Invalid input size: 1717859169
Source from the organizers: https://github.com/Nautilus-Institute/quals-2025/tree/main/echoid
Continue reading →This year was Samurai’s third time playing Hack A Sat’s (HAS) quals round. The first time we played, we qualified for finals. Year 2, we didn’t qualify. So this year we were hoping to qualify again. I personally wasn’t super involved in the first year, and only a bit involved last year (I don’t think the weekends lined up super great for me), but I was interested to take a shot at it this year and hopefully qualify! Blazin’ Etudes was the third of a series of microblaze reversing challenges, released on the last day of the competition (Sunday).
Continue reading →This weekend, Samurai played the DEF CON CTF Qualifier event. We had a great time playing; much thanks to the organizers for putting on a great event! Many thanks to my teammates, it was awesome playing with you all! One of the challenges this weekend was called baby-a-fallen-lap-ray. It was categorized as a pwn challenge, and it made a comment about being ‘the return of the parallel machine (or is it?)’.
I had the opportunity to compete in the CSAW CTF Finals 2018 for a second year in a row, with the UMBC Cyber Dawgs. It was a lot of fun, despite our somewhat lackluster finish in 10th place. I learned a lot. For instance, in this challenge, I learned how to exploit a Use-After-Free vulnerability (in WebAssembly no doubt!).
Continue reading →I recently had the opportunity to compete in the CSAW CTF Finals with the UMBC Cyber Dawgs. It was an amazing competition; the organizers were awesome and did a great job. We placed 7th in North America, by the way :) If you’ve never heard of CSAW before, it’s a huge student-run security conference/competition. We played in the CTF, or capture-the-flag competition. I would consider one of the best undergraduate-level CTF competitions. CSAW CTF is a jeopardy style competition in which you have a board of challenges, and you get points for solving them. You solve the challenge by hacking at it until it gives you a flag of the form flag{th1s_i5_a_f1@g}, which you enter into the scoreboard to receive points. Team with the most points wins.