Cybersecurity challenges - CTFs and more
Capture-The-Flag style cybersecurity challenges are a fun way to learn new skills and to keep sharp on things you already know. There is a very large number of challenges available in a wide variety of fields and difficulties. The fields span scripting vulnerabilities related to weak environment or configuration, network vulnerabilities, application security, steganography, cryptography and many more. Usually you will compete against teams under time pressure, but I like to take past challenges and try to do an easy one over lunch or take on a hard one over the weekend. Additionally some sites, such as ctftime, post challenges that are not part of a CTF game.
When I find something noteworthy, I try to add a section with my take on it here on my page.
- CTF - SQL injection
- Differential Power Analysis on AES - Hands On Single Bit Attack
- Differential Power Analysis on AES - Hands On Multi Bit Attack
- Attacks on White Box Crypto - Hands On Single Bit Attack
- Attacks on White Box Crypto - Hands On Multi Bit Attack
- Cybersecurity challenges - C++ reversing
- NSA's Ghidra - C++ reversing revisited
- NSA's Ghidra - Can It Do MIPS?
- NSA's Ghidra - Can It Do GO?
- Cybersecurity challenges - WEP
- Reversing using qemu
- Reversing native Android using remote IDA Pro
- Symbolic Analysis with angr
- Anti-Debugging and Anti-VM using timing
- Timeless debugging - qira
- Angr, qira & PIN vs. ptrace anti-debug & anti-symbolic-execution
- angrdbg - that's not a typo
- Fun With Flags - Z3 SMT Solver
- Angr hooking - de/recompiling - chainbreaker