usd hacking challenge 2016 writeup: token 5

The last token was hidden in a downloadable binary. It was announced on the challenge website as "reversing" and as "harder" than the other challenges. By many people's standards it probably was not really that hard, however, I never had any 1337 r3v3R1ng sk1llz to begin with, and my knowledge of assembly and using gdb is decidedly rusty, so finding this token certainly took me a while.

continue reading

usd hacking challenge 2016 writeup: token 4

This very nice networking challenge with some light crypto thrown in had me using old and proven techniques like ARP spoofing, but also got me acquainted with a slick new tool I had not used before. It was also partly based on a recent real-life security disaster. I really enjoy networking challenges, and this one was no exception.

continue reading

usd hacking challenge 2016 writeup: token 3

SQL injection has always been a favorite and can be quite an art. I regret not having had the chance so far to really learn about its finer points. This one here was fun, even though relatively basic as far as the actual injection was concerned. It focused on filter evasion and featured an interesting initial hurdle.

continue reading