Reverse engineering, CTF writeups and binary analysis. https://allthingsreversed.io/ en Sun, 08 Mar 2026 00:00:00 +0000 https://allthingsreversed.io/20260308-quake2-64bit-sizeof-bug.html https://allthingsreversed.io/20260308-quake2-64bit-sizeof-bug.html Sun, 08 Mar 2026 00:00:00 +0000 quake2 debugging reverse-engineering x86_64 bug-hunting A 29-Year-Old Bug in Quake II I’ve been working on potatOS - a hobby 64-bit OS kernel that boots on QEMU. One of the recent milestones was getting Quake II running on it, using id Software’s original GPL source code compiled for x86_64 with the software renderer (ref_soft). The game worked surprisingly well - until I walked into a specific area and the whole thing crashed. The crash The crash w... https://allthingsreversed.io/20260308-fuzzing-dotnet-libraries.html https://allthingsreversed.io/20260308-fuzzing-dotnet-libraries.html Sun, 08 Mar 2026 00:00:00 +0000 dotnet fuzzing security afl Fuzzing .NET Libraries with AFL++ and SharpFuzz For the past few weeks I’ve been spending time fuzzing various .NET libraries - both popular NuGet packages and Base Class Library (BCL) components. The goal was to find bugs that could be triggered by malformed input: null reference exceptions, out-of-bounds accesses, infinite loops, memory exhaustion and similar issues that parsers and deseriali... https://allthingsreversed.io/20251214-MiniBloat-writeup.html https://allthingsreversed.io/20251214-MiniBloat-writeup.html Sun, 14 Dec 2025 00:00:00 +0000 seccon reverse-engineering ghidra ida web z3 sat solver Challenge intro As a challenge we are given a bunch of HTML, JavaScript and CSS files. It appears to be a static website so we can start it by using Python’s http module by running: python3 -m http.server Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ... Opening this page in the browser we are presented with an Advent Calendar of puzzles. And our task is to provide an answer that wou... https://allthingsreversed.io/20251130-AnotherAndroidApplaketion.html https://allthingsreversed.io/20251130-AnotherAndroidApplaketion.html Sun, 30 Nov 2025 00:00:00 +0000 lakectf reverse-engineering ghidra ida java z3 sat solver android Intro Another Android Applaketion was one of the reversing challenges during Lake CTF 2025 Quals. It was a bit harder version of a challenge that was available during Lake CTF 2024 - An Android Applaketion. Same as the last time, we are given a single .apk file with the challenge. Since it’s an apk (which is essentially a renamed zip archive), we can start by unzipping it. 2216 Jan 1 1981 Andro... https://allthingsreversed.io/20251116-Mother-printers-writeup.html https://allthingsreversed.io/20251116-Mother-printers-writeup.html Sun, 16 Nov 2025 00:00:00 +0000 hackinghub reverse-engineering ghidra ida web mother printer The challenge description says: Mother Printers supplies small businesses with top-quality printers, but their security might not be. What begins as a simple company website soon unravels into something far more revealing. Explore and enumerate your way through the application, uncovering clues and connections as you go. This hub takes you on a journey that tests multiple skill sets and rewards... https://allthingsreversed.io/20251108-Whimsical_Ideas_Happy_SShheeeepp-writeup.html https://allthingsreversed.io/20251108-Whimsical_Ideas_Happy_SShheeeepp-writeup.html Sat, 08 Nov 2025 00:00:00 +0000 n1ctf reverse-engineering ghidra ida driver ads ntfs Introduction Whimsical_Ideas_Happy_SShheeeepp was one of the four reverse engineering challenges in the N1CTF 2025. As a challenge file we are given an attachment.rar that contains the following files: - README.txt - IronGate.sys - SheepVillage.txt - Init.exe The README.txt gives an intro to the challenge: For the safety of your computer, please solve the problems in a virtual machine!!! Alread... https://allthingsreversed.io/20251107-n1vm-writeup.html https://allthingsreversed.io/20251107-n1vm-writeup.html Sun, 02 Nov 2025 00:00:00 +0000 n1ctf reverse-engineering ghidra ida virtual machine z3 Introduction n1vm was one of the four reverse engineering challenges in the N1CTF 2025. As a challenge file we are given problem.exe that we can load up to our favorite disassembler. VM analysis The main program logic starts in FUN_140001360 where some values are pushed onto the stack. This includes our inputs. This is de facto our VM initialization routine and execution starts here. The flow o... https://allthingsreversed.io/20251023-ultimate-calculator-3000.html https://allthingsreversed.io/20251023-ultimate-calculator-3000.html Thu, 23 Oct 2025 00:00:00 +0000 cryptocat reverse-engineering ghidra golang hmac New CTF challenge! It will run until the 30th of October ⏳ There’s no prizes, but the first 3 solves will earn themselves the “Hacker Cat” rank in discord. You can use this channel to discuss, but no hints/spoilers until the challenge finishes, please! DM me if you get the flag or have questions (no hints!) 🙂 Download “Ultimate Calculator 3000” to get started 👇 ultimate_calc binary The binary s... https://allthingsreversed.io/20251020-instructions-unclear-hacklu-ctf.html https://allthingsreversed.io/20251020-instructions-unclear-hacklu-ctf.html Mon, 20 Oct 2025 00:00:00 +0000 hack.lu reverse-engineering ghidra PDF Code_128 Instructions unclear “Instructions unclear” was one of the reversing challenges from Hack.Lu CTF 2025. The description reads: bro is stuck installing this FLÄN ceiling fan. Instructions are unclear. Can you help ‘em? And we were given an attachment that is a single PDF file. It appears to be an instruction for a fan but at the bottom of it we can spot some black and white strips that look like ... https://allthingsreversed.io/20250725-cgb-google-ctf.html https://allthingsreversed.io/20250725-cgb-google-ctf.html Fri, 25 Jul 2025 00:00:00 +0000 google reverse-engineering ghidra gba CGB ℹ️ Part of this analysis is done post CTF. CGB was one of the reversing challenges from Google CTF 2025. It was solved by 23 teams and during the CTF I did mange to get part of the solution but not the final flag. After the CTF, with a bit more time, I attempted to solve it, and here’s a writeup. The task description reads: A game I found in a developer’s drawer, it looks like an unfinished... https://allthingsreversed.io/20250615-avernos-bi0sCTF-2025.html https://allthingsreversed.io/20250615-avernos-bi0sCTF-2025.html Sun, 15 Jun 2025 00:00:00 +0000 bi0s reverse-engineering ghidra avernos Avernos was one of the reverse engineering (RE) challenges from the recent bi0s CTF. It was solved by 18 teams and was worth 838 points. I managed to solve it during the CTF, although I struggled with part of the task. The solution I came up with might be interesting to document - so let’s start. The description reads: An ancient engine stirs in the dark. It speaks no language you know.... https://allthingsreversed.io/20250526-nahamcon-2025.html https://allthingsreversed.io/20250526-nahamcon-2025.html Mon, 26 May 2025 16:20:00 +0000 NahamCon reverse-engineering ghidra NahamCon CTF 2025 — Challenge Writeups & Analysis During the weekend, I participated in NahamCon CTF 2025. Here’s a list of the challenges I managed to solve during the competition: Sending Mixed Signals, The Oddyssey, Puzzle Pieces, My First CTF, Screenshot, Free flags!, Verification Clarification, FlagsFlagsFlags, Deflation Gangster, It's locked, What's a base amongst friends?, and No! No... https://allthingsreversed.io/20250413-1753ctf-luck-free-flag-fortune.html https://allthingsreversed.io/20250413-1753ctf-luck-free-flag-fortune.html Sun, 13 Apr 2025 20:13:36 +0000 1753ctf reverse-engineering web ghidra 1753CTF - 🍀Luck, 🤷‍♂️ Free Flag and 🔮 Fortune Had a couple of hours this Friday, so I spontaneously decided to participate in the 1753 CTF. I attempted a few challenges and managed to get First Blood on Fortune. 🍀 Luck (PWN) PWN // ​🍀 Luck (Score: 100 / Solves: 74) ​ Lucky enough? nc luck-c87cea04b0d4.tcp.1753ctf.com 16448 💾 https://get.1753ctf.com/luck/src/luck.csproj?s=uVB1dasG 💾 https://get.... https://allthingsreversed.io/20241128-scripting-ghidra-create-data.html https://allthingsreversed.io/20241128-scripting-ghidra-create-data.html Thu, 28 Nov 2024 20:45:47 +0000 ghidra automate scripting createdata Scripting Ghidra - Create Data In the fifth installment of this series (if you haven’t read/seen here’s - part 1, part 2, part 3 and part 4) we will be using the CreateData() functionality in an automatic fashion. Ghidra supports many distinct types and setting them correctly can help understand the disassembly better. We can manually change the type of undefined data using the UI with Data Typ... https://allthingsreversed.io/20241113-scripting-ghidra-set-equate.html https://allthingsreversed.io/20241113-scripting-ghidra-set-equate.html Wed, 13 Nov 2024 20:25:28 +0000 ghidra scripting automation setequateto Scripting Ghidra - Set Equate In the third installment of this series (if you haven’t read/seen here’s - part 1, part 2 and part 3) we will be using the Set Equate functionality in an automatic fashion. Note: If you prefer watching, have a look at my YouTube channel. Watch on YouTube Looking at raw assembly with all the opcodes and hex values can be challenging. Ghidra allows us to substitute h... https://allthingsreversed.io/20240504-insomnihack-2024-teaser-trompe-loeil.html https://allthingsreversed.io/20240504-insomnihack-2024-teaser-trompe-loeil.html Sat, 04 May 2024 08:10:30 +0000 insomnihack dotnet net ready2run reverse-engineering reversing Insomni’Hack 2024 Teaser - Trompe Loeil - Ready 2 Run New video is out 👇 This time it’s about challenge from InsomniHack 2024 teaser - Trompe Loeil that featured a nice trick that’s coming new to .NET binaries - Ready 2 Run. Go have a look. Watch on YouTube https://allthingsreversed.io/20230127-insomnihack-teaser-2023.html https://allthingsreversed.io/20230127-insomnihack-teaser-2023.html Fri, 27 Jan 2023 20:35:09 +0000 insomnihack ctf reverse-engineering reversing rev1 license challenges Insomni’Hack Teaser 2023 This weekend, Insomni’hack 2023 teaser took place. During the contest, I solved the two RE challenges. rev1 The challenge was, an iOS application written in Swift. The .ipa file is in fact a zip archive which we can unpack and get access to the actual binary plus some extra metadata information. Let’s focus on the binary and start by loading it into Ghidra Initial analy... https://allthingsreversed.io/20221129-hitcon-2022-checker.html https://allthingsreversed.io/20221129-hitcon-2022-checker.html Tue, 29 Nov 2022 16:57:14 +0000 hitcon hitcon-2022 reverse-engineering reversing driver ghidra HITCON 2022 - Checker just a deep and normal checker We have two files in this task: a Windows executable named checker.exe and a .sys file—a driver file named checker_drv.sys. Loading the first one into Ghidra, does not show much code that we can work with. There’s a line that opens the file _driver = CreateFileW(L"\\.\hitcon_checker",0xc0000000,0,0x0,3,4,0x0); and sends the IOCTL DeviceIoCont... https://allthingsreversed.io/20221127-hitcon-2022-meow-way.html https://allthingsreversed.io/20221127-hitcon-2022-meow-way.html Sun, 27 Nov 2022 17:08:00 +0000 hitcon hitcon-2022 ctf reverse-engineering reversing HITCON 2022 - Meow Way Reverse-engineering like the meow way! We are given a Windows 32-bit executable that we can load into Ghidra. In the initial peek into the main, we can see the following (*DAT_0040544c)(iVar3,iVar3 >> 0x1f,iVar3,iVar3 >> 0x1f,0xc4,0,&local_10,&local_10 >> 0x1f); iVar2 = iVar3 + 1; (*DAT_004053a8)(iVar2,iVar2 >> 0x1f,iVar2,iVar2 >> 0x1... https://allthingsreversed.io/20221113-seccon-2022-eguite.html https://allthingsreversed.io/20221113-seccon-2022-eguite.html Sun, 13 Nov 2022 15:32:58 +0000 reverse-engineering reversing seccon ctf SECCON 2022 - eguite We are given an ELF and EXE file (the same challenge - you can pick your enemy) with the simple task to crack its license. Not sure if it’s on purpose (or due to using sandbox/VM) but running it fails so we can’t get any more information from running it. We can load it into Ghidra and start our analysis. By checking the main, we can learn that it uses eframe. Any by searchi... https://allthingsreversed.io/20221112-flare-on-2022-in-a-tweet.html https://allthingsreversed.io/20221112-flare-on-2022-in-a-tweet.html Sat, 12 Nov 2022 07:26:02 +0000 flare-on reverse-engineering reversing flare-on-9 Flare-on 2022 - in a tweet + images Flare-on is a yearly competition that focuses on reverse engineering. In 2022 we could compete in the 9th edition solving 11 challenges. Here’s a really, really short version how we could approach and solve them. 01 - Flaredle Wordle + 21 letters words? JS Wordle app and the flag is among the allowed entries. Use RegEx to find matching words, grep for flare t... https://allthingsreversed.io/20220403-the-gambler-midnight-sun-ctf-2022.html https://allthingsreversed.io/20220403-the-gambler-midnight-sun-ctf-2022.html Sun, 03 Apr 2022 14:08:07 +0000 midnightsun ctf reverse-engineering reversing The Gambler - Midnight Sun CTF 2022 The secret is ‘Knowin’ what the cards were’. Apart from the message we are given the file, with the instruction to run it with mono the_gambler.exe. This alone gives away the fact that, this is a .NET assembly and we can skip any initial analysis and go straight to dnSpy. Upon loading we can see that we are dealing with very simple program, with one class Pro... https://allthingsreversed.io/20220313-tinybit-1337up-ctf.html https://allthingsreversed.io/20220313-tinybit-1337up-ctf.html Sun, 13 Mar 2022 17:09:38 +0000 1337up intigriti reversing reverse-engineering Tinybit - 1337up CTF Just try a little bit harder! Brb, shouting intigriti.rocks! 🔗 Download link: mw.linux 🔗 Download link: mw.darwin 🔗 Download link: mw.windows 🚩 No flag format. The flag starts with z and ends with ! ✍️ Created by Hazcod Note: The shouting part was only added in the middle of the CTF. Three binaries, caused a bit of confusion for me. I was thinking I need to analyze all of t... https://allthingsreversed.io/20220312-bitcoins-for-flags.html https://allthingsreversed.io/20220312-bitcoins-for-flags.html Sat, 12 Mar 2022 20:07:31 +0000 1337up intigriti reverse-engineering reversing Bitcoins for Flags BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP 🔗 Download link: BitcoinsForFlags.zip 🚩 Flag format: CTF{} ✍️ Created by Ferib Hellscream File command gives us the info that we will be dealing with PE Windows executable. ❯ file BitcoinsForFlags.exe BitcoinsForFlags.exe:... https://allthingsreversed.io/20220130-insomnihack-coronavirus.html https://allthingsreversed.io/20220130-insomnihack-coronavirus.html Sun, 30 Jan 2022 19:28:44 +0000 insomnihack ctf reverse-engineering corona-virus coronavirus Insomni’Hack - Corona Virus A devastating computer virus infected millions of machines around the world. Security experts were able to capture a sample, but the virus seems to be looking for something specific, and acts frustrated if it is not happy. Who knows the horrors it may unleach onto the world if…or when it finds what it wants? We need your help to fully execute this virus and find out ... https://allthingsreversed.io/20211125-solving-babyrust-n1ctfffm.html https://allthingsreversed.io/20211125-solving-babyrust-n1ctfffm.html Thu, 25 Nov 2021 20:13:26 +0000 ctf rusty babyrust n1ctf babyRust - N1CTF This fun, little challenge was RE challenge during N1CTF. We are given the following Rust source code: macro_rules! check { (@s n1ctf{$Never:tt}) => { check!(stringify!($Never)) }; (@e ($Never:expr,$Gonna:expr,$Give:expr); (Never gonna give you up $($code:tt)*)) => { $Give += true as usize; check!(@e ($Never,$Gonna,$Give); ($($code)*)); }; (@e ($Never:expr,$Gonna:expr,$Gi... https://allthingsreversed.io/20211113-antioch-flare-on-8.html https://allthingsreversed.io/20211113-antioch-flare-on-8.html Sat, 13 Nov 2021 06:15:43 +0000 flare-on-8 ghidra antioch Flare-On 8 - Antioch To solve this challenge, you’ll need to …AAARGH This challenge was really AAARGH for me. In retrospect I wonder why I didn’t see what I was supposed to see and due to that lost almost a week on this fairly easy challenge. But let’s start from the beginning. We are given a tar file, which contains, a lot of (possibly) randomly names folders, a13ffcf46cf41480e7f15c7f3c6b862b7... https://allthingsreversed.io/20211108-flare-vm-flare-on-8.html https://allthingsreversed.io/20211108-flare-vm-flare-on-8.html Mon, 08 Nov 2021 09:57:39 +0000 flare-on-8 flare-on vm reverse-engineering reversing Flare-On 8 - Flare VM Because of your superior performance throughout the FLARE-ON 8 Challenge, the FLARE team has invited you to their office to hand you a special prize! Ooh – a special prize from FLARE ? What could it be? You are led by a strong bald man with a strange sense of humor into a very nice conference room with very thick LED dimming glass. As you overhear him mumbling about a part... https://allthingsreversed.io/20211102-known-flare-on-8.html https://allthingsreversed.io/20211102-known-flare-on-8.html Tue, 02 Nov 2021 21:27:47 +0000 flare-on-8 flare-on reverse-engineering reversing binary ghidra Flare-On 8 - known We need your help with a ransomware infection that tied up some of our critical files. Good luck. With the second challenge, it’s a bit step up in the difficulty. We are given an EXE with some files (different types; images and text) that has been encrypted. Opening file in Ghidra, we can see less than 10 methods. From entry we can identify main and check what it’s doing. [co... https://allthingsreversed.io/20211031-credchecker-flare-on-8.html https://allthingsreversed.io/20211031-credchecker-flare-on-8.html Sun, 31 Oct 2021 05:54:41 +0000 flare-on-8 flare-on binary reversing reverse-engineering ghidra javascript Flare-On 8 - credchecker The first task in this year’s competition. It is a single HTML file. Inside we can find a simple check for credentials. [code] function checkCreds() { if (username.value == “Admin” && atob(password.value) == “goldenticket”) { var key = atob(encoded_key); var flag = “”; for (let i = 0; i < key.length; i++) { flag += String.fromCharCode(key.charCodeAt(i) ^ pass... https://allthingsreversed.io/20211029-beelogin-flare-on-8.html https://allthingsreversed.io/20211029-beelogin-flare-on-8.html Fri, 29 Oct 2021 18:12:07 +0000 flare-on flare-on-8 flare html javascript obfuscation z3 Flare-On 8 - Beelogin In this challenge we are given a huge, 3.10 MB html file. Opening it, we can see there’s a HTML form, and a lot of JavaScript. A lot. It’s obfuscated too. Looking closer, it appears that it contains mostly the garbage and only some parts are relevant. One valid line and a lot of garbage From the above image, only the line 286 is important. The rest is noise (looks like jQu... https://allthingsreversed.io/20211029-pet-the-kitty-flare-on-8.html https://allthingsreversed.io/20211029-pet-the-kitty-flare-on-8.html Fri, 29 Oct 2021 06:40:11 +0000 flare-on flare flare-on-8 pcap wireshark Flare-On 8 - Pet the Kitty Hello, Recently we experienced an attack against our super secure MEOW-5000 network. Forensic analysis discovered evidence of the files PurrMachine.exe and PetTheKitty.jpg; however, these files were ultimately unrecoverable. We suspect PurrMachine.exe to be a downloader and do not know what role PetTheKitty.jpg plays (likely a second-stage payload). Our incident respo... https://allthingsreversed.io/20210517-dont-trust-the-decompilers.html https://allthingsreversed.io/20210517-dont-trust-the-decompilers.html Mon, 17 May 2021 21:54:10 +0000 decompilation decompiler ghidra reverse-engineering reversing Don’t trust the decompilers Decompilers can be your greatest ally or your greatest enemy. Basing the analysis only by the result of only one tool can fail you greatly. See for yourself. Prefer to watch? Check out this video. Watch on YouTube Recently, I was solving one of the challenge from ångstromCTF 2021 and after opening the file in Ghidra, I’ve started the analysis. At first, everything lo... https://allthingsreversed.io/20210425-solving-geanu.html https://allthingsreversed.io/20210425-solving-geanu.html Sun, 25 Apr 2021 14:48:56 +0000 midnightsun ctf reverse-engineering reversing dragonsector Solving Geanu Geanu was a simple RE challenge from MidnightsunCTF. The task starts by printing the following ASCII-art of Keanu and awaits our input. Keanu from Geanu ;) After getting user input it finishes. Let’s fire up Ghidra and load the binary. Since the binary is written in Go, we can apply ‘golang_renamer.py` to demangle function names, but it’s not really needed to solve this challenge.... https://allthingsreversed.io/20210424-debugging-r2-child-processes.html https://allthingsreversed.io/20210424-debugging-r2-child-processes.html Sat, 24 Apr 2021 10:26:20 +0000 r2 radare2 debugging Debugging r2 - child processes If you ever want to debug r2 while it is debugging another process (so basically debug while debugging r2 -d /bin/ls or when using ood) remember about few important things. Radare2 will create a new process so it is important to be sure if gdb is set to attach to a newly created process or to keep being attached to the parent depending on the use case. It can be c... https://allthingsreversed.io/20210422-debugging-r2.html https://allthingsreversed.io/20210422-debugging-r2.html Thu, 22 Apr 2021 16:59:35 +0000 r2 radare2 debugging gdb tips tricks Debugging r2 This will be a short one. If you ever need to debug Radare2, and after running it under gdb you can’t get into the debugger after hitting ^C as it should, remember that r2 handles this shortcut and this won’t work. Instead use this: kill -SIGTRAP $(pidof r2) This causes r2 to break and you will end up in gdb prompt. https://allthingsreversed.io/20210410-automating-ghidra-part-3.html https://allthingsreversed.io/20210410-automating-ghidra-part-3.html Sat, 10 Apr 2021 19:37:25 +0000 ghidra script scripting automate automating crackme armageddon Automating Ghidra - part 3 In the third installment of this series (if you haven’t read/seen here’s - part 1 & part 2) we will be reconstructing program flow. This is useful for tasks such as Towel’s armageddon. Note: If you prefer watching, have a look at my YouTube channel. Watch on YouTube The difficulty of this crackme is that it contains (as noted in the description) slight obfuscation... https://allthingsreversed.io/20210319-net-user-times-digging-into-windows.html https://allthingsreversed.io/20210319-net-user-times-digging-into-windows.html Fri, 19 Mar 2021 22:37:48 +0000 net-user-times windows debugging reversing reverse-engineering bug bugs net user /times You probably know this but in case you don’t, Windows has built in feature for setting up allowed login days and hours for a particular account. It can be done in the following way net user account_name /times:[{times | ALL}] but when I used it to restrict my kids account, I’ve encountered an interesting issue which resulted in reversing the binary & debugging. If that sound... https://allthingsreversed.io/20210309-rusty-technical-background.html https://allthingsreversed.io/20210309-rusty-technical-background.html Tue, 09 Mar 2021 20:22:37 +0000 rusty technical-info reverse-engineering reversing Rusty - Technical background This post a technical part to the challenge Rusty. If you haven’t read the post you can do it here. Technical background I had few difficulties when creating it. So it might be interesting for some people to read how I’ve managed to overcome them. The process was done in three steps: 1) Prepare linker 2) Prepare Dos Stub 3) Compile Rust and link with Dos Stub Since ... https://allthingsreversed.io/20210203-rusty.html https://allthingsreversed.io/20210203-rusty.html Wed, 03 Feb 2021 20:31:42 +0000 challenge reversing reverse-engineering justctf-2020 ctf solution Rusty So I had my debut as an author of a task for a public CTF event. I’ve created a challenge called Rusty, and let’s say it collected some mixed reactions. I’ve labeled it as an easy RE challenge, but only ten teams managed to solve it in the end - and for those, congrats. Part 1 - This post - Solution Part 2 - Technical background On the high level - the challenge is a simple Rust binary wi... https://allthingsreversed.io/20200831-radare2-can-do-java.html https://allthingsreversed.io/20200831-radare2-can-do-java.html Mon, 31 Aug 2020 10:50:42 +0000 radare2 java bytecode reversing reverse-engineering radare2 can do java I was once asked on my YT channel to do a Java crackme. It only took 7* months to fulfill this request. So, while waiting for Part 4, Professor this is for you. Watch on YouTube We will do a Java crack-me, but an easy one created by me. This is as I want to focus not on crack-me today, but on something else. On the fact that r2 can do java. Radare2 is a native disassembler, ... https://allthingsreversed.io/20200806-ultimate-list-for-learning-reverse-engineering.html https://allthingsreversed.io/20200806-ultimate-list-for-learning-reverse-engineering.html Thu, 06 Aug 2020 08:31:59 +0000 resources reverse-engineering reversing re learning materials Ultimate list of resources for learning Reverse Engineering It supposed to be the list of resources to learn Reverse Engineering but there’s a lot of such lists already in the wild. So this post will sometimes list links of resources to learn RE - kind of meta. In no particular order: https://hshrzd.wordpress.com/how-to-start/ https://github.com/xaw3ep/reverse-engineering (meta) https://github.... https://allthingsreversed.io/20200707-automating-ghidra-part-2.html https://allthingsreversed.io/20200707-automating-ghidra-part-2.html Tue, 07 Jul 2020 06:29:12 +0000 ghidra scripting script labels automation listing Automating Ghidra - part 2 In the last Automating Ghidra post we looked at how we can script Ghidra to do some mundane operations on the Memory Map of our binary. This time we will automate renaming labels for the data based on the values. Watch on YouTube During ASIS CTF 2020 a task was present that poses unique opportunities to show how we can automate the mundane part or reverse engineering ... https://allthingsreversed.io/20200609-making-pwnlib-gdb-attach-work-under-wsl2.html https://allthingsreversed.io/20200609-making-pwnlib-gdb-attach-work-under-wsl2.html Tue, 09 Jun 2020 19:46:06 +0000 pwntools pwn gdb wsl wsl2 open-wsl Making pwnlib.gdb.attach work under WSL2 I’m doing my CTFing under Windows. I used to spawn a VirtualBox or Hyper-V with Ubuntu from time to time when needed or used Digital Ocean’s droplet but since WSL is in town and especially with the speed-up improvements that WSL2 brings I rarely do that. I do “all” my Linux part of CTF using WSL. For RE (which is my main area of interest) it mostly boils... https://allthingsreversed.io/20200527-solutions-gynvael-challenges.html https://allthingsreversed.io/20200527-solutions-gynvael-challenges.html Wed, 27 May 2020 14:03:57 +0000 security web challenge gynvael nodejs expressjs flask python Gynvael’s challenges - Solutions to collection of small web security challs Recently Gynvael started to post little web challenges that are around topics of web security with NodeJs/Express (mostly) and Flask. Since I used to participate actively in Missions (that you could see at the end of his streams) I was more than happy to participate in those challenges too. So here are challenges with m... https://allthingsreversed.io/20200508-scripting-ghidra.html https://allthingsreversed.io/20200508-scripting-ghidra.html Fri, 08 May 2020 18:34:49 +0000 ghidra script scripting python automate Automating ghidra Ghidra is an awesome RE tool that quickly took off after its initial launch in 2019. It can display not only the disassembly of our binary but also have a decompiler that allows us to see a bit higher level code. You can also extend it by using python or Java. Let’s see how we can write a simple script that will automate few things for us. In the last post I was showing how we... https://allthingsreversed.io/20200428-solving-space-fights-ctf.html https://allthingsreversed.io/20200428-solving-space-fights-ctf.html Tue, 28 Apr 2020 21:40:03 +0000 nes ctf crackme challenge space-fights Solving Space Fights CTF Few months back I was solving a CTF challenge for the NES system. It was one of the Flare-On challenges for 2019. This time we will solve another one for the same system. A challenge named Space Fights CTF could be found on github along with the source code but for the moment we will just take the binary file and load it into Ghidra for the analysis. Running this progra... https://allthingsreversed.io/20200419-tamuctf-leaning-tower.html https://allthingsreversed.io/20200419-tamuctf-leaning-tower.html Sun, 19 Apr 2020 20:50:30 +0000 tamctf leaning-tower reversing reverse-engineering ghidra clipboard windows TAMUCtf - leaning tower There were multiple things wrong with this CTF but this one challenge was an interesting one. Windows binary, no noticeable entry point and no messages on screen. It’s time to use our tools to dissect this one. Prefer watching? Watch on YouTube As usually, if possible, starting this task from running the binary - we would be presented with no visible indication that some... https://allthingsreversed.io/20200313-debugging-net-applications-with-dotpeek.html https://allthingsreversed.io/20200313-debugging-net-applications-with-dotpeek.html Fri, 13 Mar 2020 10:47:59 +0000 debugging dotpeek net net-assembly Debugging .Net applications without source code with dotPeek Symbol Server Few years ago I’ve made a video that demonstrates how one can debug (from Visual Studio) without having source code by using the dotPeek Symbol Server. You can see the video below: Watch on YouTube DotPeek is one of many competing .NET decompilers (I ❤ dnSpy) but it has a great feature that allows it to act as a PDB symb... https://allthingsreversed.io/20200214-kaboom.html https://allthingsreversed.io/20200214-kaboom.html Fri, 14 Feb 2020 19:22:02 +0000 insomnihack reverse-engineering reversing ctf Kaboom! This wasn’t a difficult task but it had one tricky trick that made it take way more time than it should be required. We started with an exe file that when loaded in any disassembler tool (e.g. Ghidra) or do some preliminary checking to see that the file was packed with UPX. And what you do when you encounter such file? You decompress. After successful decompression the file was much lar... https://allthingsreversed.io/20200116-core-dumb-hitcon.html https://allthingsreversed.io/20200116-core-dumb-hitcon.html Thu, 16 Jan 2020 00:00:27 +0000 hitcon reversing reverse-engineering core ghidra Core Dumb - HitCon 2019 Note: challenge was solved together with Disconnected. Damn it my flag checker is so buggy it destroyed the program itself 😱 All I left is a core dump file :( Could you help me recover the flag ? Q_Q Let’s start by checking the file that we are given in this challenge: λ file core-3c5a47af728e9968fd7a6bb41fbf573cd52677bc core-3c5a47af728e9968fd7a6bb41fbf573cd52677bc: ELF... https://allthingsreversed.io/20191221-hitcon-2019-qualificationa-ev3-arm.html https://allthingsreversed.io/20191221-hitcon-2019-qualificationa-ev3-arm.html Sat, 21 Dec 2019 17:15:42 +0000 lego reversing hitcon qualifications python pil Hitcon 2019 Qualification - EV3 Arm It’s one of those challenges that brings together two things that I like - this time it was reverse engineering and lego bricks. What was the input in this challenge was a picture that, supposedly depict how the robot was programmed and a rbf file that contains the aforementioned robot states. We could spend some time analyzing the binary format of rbf file b... https://allthingsreversed.io/20191121-flare-on-2019-solutions-notes.html https://allthingsreversed.io/20191121-flare-on-2019-solutions-notes.html Thu, 21 Nov 2019 15:31:08 +0000 flare-on flare reversing debugging Flare-On 2019 solutions/notes (upd. 11.02) I’m well aware that there’s multiple write-ups/solutions presenting 2019’s Flare-On solutions but I’ve decided to provide my own for two reasons. Firstly, to have some notes I can easily find for future. Secondly, I think some of my solutions were non-standard so it might be useful in some other cases for other reversers not only for me. So here’s my n... https://allthingsreversed.io/20190620-solving-sega-genesis-rom-ctf-challenge.html https://allthingsreversed.io/20190620-solving-sega-genesis-rom-ctf-challenge.html Thu, 20 Jun 2019 03:14:18 +0000 sega rom crackme Solving SEGA Genesis ROM CTF Challenge File for the challenge can be downloaded from here. In order to run the file we need an emulator. There are few available but I’ve used gens. Probably a better one could be found but at least for my purpose this was enough. After running gens and loading the jump.bin we see this: Main screen of the challenge We can play with it a little bit to see what’s p... https://allthingsreversed.io/20190408-oldschool-confidence-teaser-2019.html https://allthingsreversed.io/20190408-oldschool-confidence-teaser-2019.html Mon, 08 Apr 2019 06:17:02 +0000 reversing re ctf p4 ghidra dos Oldschool - CONFidence Teaser 2019 Gynvael did a survey lately to see what kind of assembly is taught in Polish universities, and if any of them is still teaching the old 8086. Let us extend this question to the CTF scene! This challenge is a clear reference to Gynvael’s survey which is obvious from the description but it might be also a reference to a task that was part of Dragon Sector’s CTF ... https://allthingsreversed.io/20180726-never-ever-be-fooled-to-pay-ransomware-ctfzone2018.html https://allthingsreversed.io/20180726-never-ever-be-fooled-to-pay-ransomware-ctfzone2018.html Thu, 26 Jul 2018 18:24:54 +0000 ctf reversing forensics ransomware malware ctfzone Never ever be fooled to pay ransomware! — Has Your Android Phone Been Infected with Malware? — Yes! — It’s awful but we have a cure! #rev #forensics Solved together with: disconnect3d The challange was part of CTFZone 2018 Quals by BiZone. We are given a phonedump.zip.e87a72e6edd605e73ce49dc926fc6c87 file that after unzipping produces two files: backup.android and imageinfo.txt. cat-ting the la... https://allthingsreversed.io/20180705-handling-self-modifying-code-with-radare2.html https://allthingsreversed.io/20180705-handling-self-modifying-code-with-radare2.html Thu, 05 Jul 2018 04:58:29 +0000 radare2 self-modifying-code smc Handling self-modifying​ code with radare2 This is a post that explains a little bit in details what was shown in the two videos that could be watched on my YT channel. If you haven’t seen them and are not yet confused enough I recommend you go check them out. Watch on YouTube Watch on YouTube As they might not explain the topic enough well, let’s start from the beginning. A bit of theory Start... https://allthingsreversed.io/20180519-gynvael-en-mission-023-solution.html https://allthingsreversed.io/20180519-gynvael-en-mission-023-solution.html Sat, 19 May 2018 13:24:35 +0000 gynvael solution ctf mission GynvaelEN - Mission 023 - Solution Prefer videos? You can also watch it - if not, continue reading. Watch on YouTube Mission status: http://gynvael.vexillium.org/ext/43bf753f/mission023.txt We are given the package that consists of one .exe file and system.img. The .exe looks like a .NET application (default name for Console project is ConsoleApp1.exe) but we should check that before we do any ... https://allthingsreversed.io/20180428-krkanalytica-solution.html https://allthingsreversed.io/20180428-krkanalytica-solution.html Sat, 28 Apr 2018 02:02:14 +0000 ctf krkanalytica s3 aws stopkrkanalytica confidence Stop KrkAnalytica - solution NeverLeaks is in danger and your help is needed! An anonymous hacker reported that Krakow Analytica company had prepared some actions to sabotage a befriended producer of aircraft tanks - NeverLeaks. The sabotage campaign can be stopped only if you discover the secret codes, give an admin access to their systems. An anonymous whistleblower found out that Krakow Anal... https://allthingsreversed.io/20180410-gynvael-mission-22-solution.html https://allthingsreversed.io/20180410-gynvael-mission-22-solution.html Tue, 10 Apr 2018 11:46:46 +0000 gynvael mission solution risc-v Gynvael - Mission 22 - Solution This was a hard one. Information about this mission can be found in stream #64 and the mission itself is here. It’s in Polish but the most relevant information here is that there’s a RISC-V firmware that needs to be analyzed and password to be extracted. Analyze with R2. Since this was a RISC-V architecture we needed to start with an disassembler that knows it. M... https://allthingsreversed.io/20180401-gynvael-en-mission-022-solution.html https://allthingsreversed.io/20180401-gynvael-en-mission-022-solution.html Sun, 01 Apr 2018 21:28:19 +0000 gynvael mission solution spycoin blockchain GynvaelEN - Mission 022 - Solution Blockchain. *Coin. Hot topics for today. The 22nd mission is about blokchain and about coins. SpyCoins. The mission can be found on Stream #49. The SpyCoin center is here: http://gynvael.coldwind.pl/mission022_spycoin/ First failed attempt I’ve tried to mine SpyCoin. That would be an obvious solution to the challenge. Add a next block with a chunk that would t... https://allthingsreversed.io/20180330-gynvael-mission-021-solution.html https://allthingsreversed.io/20180330-gynvael-mission-021-solution.html Fri, 30 Mar 2018 21:51:55 +0000 gynvael mission solution Gynvael - Mission 021 - Solution The source for this mission can be found in stream 63. It is in Polish but it can be easily spotted that the main source is a PCAP file that can be downloaded from here. Wireshark(ing) Having this file on our disk, there isn’t much more to do just to open it in Wireshark. This is probably a go-to tool when it comes to analyzing PCAP-files. We can see there’s som... https://allthingsreversed.io/20180217-finding-praktyczna-inzyniera-wsteczna-last-hidden-flag.html https://allthingsreversed.io/20180217-finding-praktyczna-inzyniera-wsteczna-last-hidden-flag.html Sat, 17 Feb 2018 08:53:38 +0000 gynvael book praktyczna-inzynieria-wsteczna flag solution Finding “Praktyczna Inżyniera Wsteczna” last hidden flag. If you read this blog you can see that from time to time I participate in missions published by Gynvael Coldwind on his English and Polish streams. You might not know that he is an author of 2 (one self, one co-op) books in the similar topics that he presents on streams. Those are: “Zrozumieć programowanie” (ZP) and “Praktyczna inżyniera... https://allthingsreversed.io/20171219-follow-the-white-rabbit-solution.html https://allthingsreversed.io/20171219-follow-the-white-rabbit-solution.html Tue, 19 Dec 2017 07:34:50 +0000 solution job offer Assembly job offer… “Follow the white rabbit” solution In a cold November night I was standing at a bus stop and saw an advertisement on the streets of Wrocław. What was odd about it it was written purely in assembly. Ok, to tell you the truth I was nothing like that. In reality I was just browsing through my Facebook wall and see this on my screen. Immediately I wanted to have a look at it but... https://allthingsreversed.io/20171206-gynvael-mission-015.html https://allthingsreversed.io/20171206-gynvael-mission-015.html Wed, 06 Dec 2017 14:33:37 +0000 gynvael mission solution Gynvael - Mission 015 - Solution Last time, there was no mission on EN stream, so I’ve decided to describe the one from PL stream since it was also quite a nice one. The mission is located under https://goo.gl/rs1A2f and the most important part there is that it points to another download which appears to be WAVE file. So the obvious next step would be Audacity. It sounded familiar but I couldn’... https://allthingsreversed.io/20171123-gynvael-en-mission-19-solution.html https://allthingsreversed.io/20171123-gynvael-en-mission-19-solution.html Thu, 23 Nov 2017 17:50:41 +0000 gynvael mission solution GynvaelEN - Mission 19 - Solution Gynvael is back with streams and with missions. The 39th stream contains mission no 19 that can be found here. In this mission we are given a CHIP-8 ROM image. This is clearly a reference to the latest streams about this topic (#34, #35, #36, #37, #38). If you don’t know what Chip-8 is I recommend watching those. To be able to solve this challenge what we needs... https://allthingsreversed.io/20171114-ecsm-2017-ctf.html https://allthingsreversed.io/20171114-ecsm-2017-ctf.html Tue, 14 Nov 2017 16:01:35 +0000 ecsm cert solution p4 ECSM 2017 CTF I really liked the last year ECSM 2016 CTF created by CERT & p4 team and I was a bit down learning that this year it was scheduled on the days I was pretty busy traveling. In fact only yesterday I had some time to look closely (I did check briefly when the CTF started) at tasks and managed to solve 2. Since the competition has already ended here are my solutions. If the rest w... https://allthingsreversed.io/20171110-security-pwning-2017-p4-ctf.html https://allthingsreversed.io/20171110-security-pwning-2017-p4-ctf.html Fri, 10 Nov 2017 21:21:05 +0000 p4 ctf securitypwning solution SecurityPWNing 2017 - p4 CTF On 6th & 7th November 2017 there was a 2nd edition of Security Pwning conference held in Warsaw and, like the last time (link1, link2), there was a CTF organized by the P4 team. This year I did a bit better than the last time - 8th position (the last one with the prize) but could be better as at some point I was on the 5th. Here are solutions to the tasks I’ve m... https://allthingsreversed.io/20171015-gynvael-en-mission-018-solution.html https://allthingsreversed.io/20171015-gynvael-en-mission-018-solution.html Sun, 15 Oct 2017 17:34:55 +0000 gynvael mission solution GynvaelEN - Mission 018 - Solution This is an another GynvaelEN mission solution. This time, the task is simple. We’re given a script and we need to find the correct password to get the flag. [code] Your flag: $FLAG_ADMIN “); } else { echo “MD5: “ . md5($_GET[‘password1’]) . “ “; echo “SHA1: “ . sha1($_GET[‘password2’]) . “ “; die (“You don’t look like an admin.”); } } else { show_source(‘admin... https://allthingsreversed.io/20171008-gynvael-mission-012-solution.html https://allthingsreversed.io/20171008-gynvael-mission-012-solution.html Sun, 08 Oct 2017 22:05:31 +0000 gynvael mission solution Gynvael - Mission 012 - Solution This mission was on the Polish stream, but it’s a nice one so I’ve decided to describe it anyway. If you don’t understand the language let me quickly bring you up to speed - you are given a ZIP file in order to extract a data from it. Of course ZIP is created with a password and the info that’s given informs us that the password is of very good quality. The very... https://allthingsreversed.io/20171008-how-do-i-approach-this-ctf-debugging-program-step-by-step.html https://allthingsreversed.io/20171008-how-do-i-approach-this-ctf-debugging-program-step-by-step.html Sun, 08 Oct 2017 21:19:25 +0000 ctf crackme solution smoothie How do I approach this ctf debugging program - step by step Another good question from RE on Stack Exchange. I’ve already posted an answer there, but here let’s put a bit more explanation and answer the question in the title. So how do you approach this CTF challenge? Well basically the same way you would do with all the other ones. You analyze it and analyze it until you are familiar with it y... https://allthingsreversed.io/20171005-gynvael-en-mission-17-solution.html https://allthingsreversed.io/20171005-gynvael-en-mission-17-solution.html Thu, 05 Oct 2017 09:27:30 +0000 gynvael solution mission GynvaelEN - Mission 17 - Solution Another stream from Gynvael - another mission. This time we need to extract a message from a restricted admin panel. What we see on the page is a welcome message, and an info that the cookie was stored and a request to reload the page. So he “Hit Refresh” (;)) and we get this. Decrypted cookie data: {“access_level”:”user”} ACCESS TO THE FLAG DENIED! Only admin ... https://allthingsreversed.io/20170928-gynvael-en-mission-16-solution.html https://allthingsreversed.io/20170928-gynvael-en-mission-16-solution.html Thu, 28 Sep 2017 14:51:00 +0000 gynvael mission solution GynvaelEN - Mission 16 - solution Another week another mission on English side of the youtube channel. This time we are given an info that the transmission was intercepted. You can read more info here. After inspecting the link we are given a huge file of ascii printable characters that looks like base64 string. So we run this through simple .decode('base64') in Python and we get a binary data ... https://allthingsreversed.io/20170925-reverse-engineering-of-managed-crackme-solution.html https://allthingsreversed.io/20170925-reverse-engineering-of-managed-crackme-solution.html Mon, 25 Sep 2017 21:39:41 +0000 crackme stackexchange net dnspy Reverse engineering of Managed C++/C# CrackMe - solution A nice question was posted on Reverse Engineering at Stack Exchange and since it was a an interesting one I’ve decided to give a bit of lengthy description here (apart from my answer there). The question can be found here and the OP asks about a bit different things there. Anyway… It all started with OP wrongly identifying it as a C# Crac... https://allthingsreversed.io/20170921-gynvael-en-mission-15-solution.html https://allthingsreversed.io/20170921-gynvael-en-mission-15-solution.html Thu, 21 Sep 2017 16:11:02 +0000 gynvael mission solution GynvaelEN - Mission 15 - Solution Another Wednesday, another mission. This time we’ve got a vulnerability that allows leaking any file as an image - link :) So we download the attached image and got this: The immediate conclusion is that the bars represent chars in the file and the ascii value are represented by the bar height. Let’s verify this with a short python script [code] #mission_15.py ... https://allthingsreversed.io/20170908-gynvael-mission-010-solution.html https://allthingsreversed.io/20170908-gynvael-mission-010-solution.html Fri, 08 Sep 2017 07:25:24 +0000 gynvael solution mission Gynvael - Mission 010 - Solution This mission is actually published on the Polish stream but I’ve decided to write the solution here, in English. So what’s this mission is about? We are given the PDF file with the instructions to retrieve the hidden message. If you didn’t know it already, PDF is quite an interesting file format and can contain a lot of information. The approach in such tasks ca... https://allthingsreversed.io/20170814-gynvael-en-mission-14-solution.html https://allthingsreversed.io/20170814-gynvael-en-mission-14-solution.html Mon, 14 Aug 2017 06:36:37 +0000 gynvael mission GynvaelEN - Mission 14 - Solution Stream: https://www.youtube.com/watch?v=rhsH-snYkIc Mission link: https://goo.gl/oUg99i Damn it, how will I ever get out of this labyrinth? ― Simón Bolívar This mission in comparison to the previous one was an easy one. This was a PPC category (programming). In this one we’re give a log file and the application that produced it. So our task is to retrieve the i... https://allthingsreversed.io/20170811-gynvael-en-mission-13-solution.html https://allthingsreversed.io/20170811-gynvael-en-mission-13-solution.html Fri, 11 Aug 2017 14:20:00 +0000 mission solution GynvaelEN - Mission 13 - Solution “Never stop dreaming, never stop believing, never give up, never stop trying, and never stop learning.” ― Roy T. Bennett, The Light in the Heart Boy, that was a hard one but also very challenging task. In this mission we’re given a PCAP file and an information that we’ve intercepted a remote GDB session. When I saw that info I’ve immediately got a flashback fro... https://allthingsreversed.io/20170805-gynvael-en-mission-12-solution.html https://allthingsreversed.io/20170805-gynvael-en-mission-12-solution.html Sat, 05 Aug 2017 07:08:56 +0000 gynvael mission solution GynvaelEN - Mission 12 - Solution In this mission we are given the data from the hardware logger. On the first look we see some printable characters but nothing obvious. To solve this we need to get some knowledge about scancodes. The article on Wiki gives some clue that we might be on a right track as it is mentioning the F0 prefix that we see in the data: 58 f0 58 1b f0 1b... but it lacks the... https://allthingsreversed.io/20170804-gynvael-en-mission-11-solution.html https://allthingsreversed.io/20170804-gynvael-en-mission-11-solution.html Fri, 04 Aug 2017 18:38:20 +0000 gynvael mission solution GynvaelEN - Mission 11 - Solution If you don’t know Gynvael - check his channel where he shows some RE/hacking stuff. After each video he posts some small challenge for solving by viewers. In this post I’ll show how to solve mission 11. In this task we’re given a file that is the “firmware”. When we open the file it is immediately known that it’s a python byte code. If you don’t know it - it’s ... https://allthingsreversed.io/20170624-sha2017-teaser.html https://allthingsreversed.io/20170624-sha2017-teaser.html Sat, 24 Jun 2017 07:48:38 +0000 sha-2017 teaser SHA2017 Teaser On last Saturday there was a SHA2017 teaser and here are some tasks solutions. I’ll skip the ‘Are you safe?’ task as it was a simple provide a domain with SSL certificate that would score A/A+ on SSL Labs! Follow Me (Web 100) The task has simple instruction. We are tracking a hacker, can you help us track the hacker down and bring him to justice? And we are taken to the page wher... https://allthingsreversed.io/20161222-i-know-i-know-nothing-2.html https://allthingsreversed.io/20161222-i-know-i-know-nothing-2.html Thu, 22 Dec 2016 16:32:10 +0000 I know I know nothing* Learning for CTF is hard. Different type of puzzles and lack of You never know what you can expect so you need to sharpen your saw constantly. With some difficult challenge presented during CTF probably everyone feels that they don’t know enough. I had this feeling during the last CTF weekend (#WhiteHat, #SharifCTF). I’ve decided to list all the places where I can find us... https://allthingsreversed.io/20161211-seccon-2016.html https://allthingsreversed.io/20161211-seccon-2016.html Sun, 11 Dec 2016 14:01:20 +0000 ctf seccon SECCON 2016 Yesterday (actually it has just finished today at 7 AM CET) there was a 24h SECCON CTF. We did took part in it, collected 5100 pts and came 6th. Here are the tasks I’ve solved. basiq - Web 100 basiq What is admin’s password?☺ http://basiq.pwn.seccon.jp When we enter the given site we can see that it’s some kind of car racing site. We can see a login panel and signup button. We can e... https://allthingsreversed.io/20161128-ecms-2016-ctf.html https://allthingsreversed.io/20161128-ecms-2016-ctf.html Mon, 28 Nov 2016 11:50:00 +0000 ctf ecms cert ECSM 2016 CTF There’s a little CTF developed by CERT and p4 CTF team that I was cracking my brain at few days ago. I found it quite enjoyable so I’ve put a written solution for it. The whole CTF is in Polish but the solution here will be provided in English. Let’s begin. Reconnaissance We start at https://ecsm2016.cert.pl where we are informed that we should investigate a malicious file that wa... https://allthingsreversed.io/20161127-security-pwning-ctf-by-p4-cont.html https://allthingsreversed.io/20161127-security-pwning-ctf-by-p4-cont.html Sun, 27 Nov 2016 08:39:57 +0000 ctf More solutions to the Security Pwning CTF by p4, starting with the Bulletproof Login Server web challenge and its remember_me cookie. https://allthingsreversed.io/20161122-qiwi-infosec-ctf-rc3-ctf.html https://allthingsreversed.io/20161122-qiwi-infosec-ctf-rc3-ctf.html Tue, 22 Nov 2016 12:13:14 +0000 Qiwi Infosec CTF & RC3 CTF Last week there were two CTFs I’ve participated in. Qiwi-Infosec CTF-2016 & RC3 CTF 2016 were both quite an interesting. The first one, due to being during the week, I couldn’t give as much hours as I could. In the second one I gave much more time & energy but it was worth it. Qiwi-Infosec CTF-2016 Reverse_100_2 (Reverse 100) I have a snake. CrackMe!. The ... https://allthingsreversed.io/20161114-security-pwning-ctf-by-p4.html https://allthingsreversed.io/20161114-security-pwning-ctf-by-p4.html Mon, 14 Nov 2016 19:48:32 +0000 ctf Security Pwning CTF by p4 A few days ago, I’ve attended a Security PWNing 2016 conference in Warsaw. There was a CTF during the event in which I took part and solved few tasks. The CTF was organized by p4 team. If you want to have a try it’s still available at https://pwning2016.p4.team. It’s in polish but I guess google translate can help here. Web 50 - Trawersujące koty (Traversing cats) The ... https://allthingsreversed.io/20161028-ekoparty-ctf.html https://allthingsreversed.io/20161028-ekoparty-ctf.html Fri, 28 Oct 2016 20:25:29 +0000 ctf ekoparty EKOPARTY CTF Another CTF during in the week - I hate that (I can’t participate as much as I want to) but anyway I took part in this CTF too. My contribution: tasks solved: 2 points: 150 time spent: 12h 32m As stated above I’ve only managed to solve 2 tasks but actually one of them - web 100 - was quite interesting. It wasn’t a difficult one but a lot of people had trouble with them. Super duper... https://allthingsreversed.io/20161022-hack-lu-2016.html https://allthingsreversed.io/20161022-hack-lu-2016.html Sat, 22 Oct 2016 13:21:43 +0000 ctf hack-lu Hack.lu 2016 Hack.lu a 24h CTF contest that I was attending after the HitCon. It was challenging for me due to the fact that it was during the week (Wednesday 10:00 UTC - Thursday 10:00 UTC). Again during this CTF I was playing with the Dragons (Dragon Sector team). I’ve attempted to solve two tasks and managed to get the flag for one of them. I’ve also learnt a lot in terms of how to approach ... https://allthingsreversed.io/20161011-hello-hitcon-2016-ctf.html https://allthingsreversed.io/20161011-hello-hitcon-2016-ctf.html Tue, 11 Oct 2016 20:34:09 +0000 hitcon-2016 ctf Hello HitCon 2016 CTF This is the very first post on this blog so it serves as ‘Hello world’ in my journey through the world of CTFs. I was always into this kind of challenges from quite a long time. I was doing some kind of security tasks from sites like wechall.net, http://www.bright-shadows.net or Rankk. I was also for a short time taking part in CTFs from ctftime.org but I was lacking a goo...