Difference between revisions of "CTF-practice-evening:2014-02-24"
Latest revision as of 22:48, 24 February 2014
CTF-practice-evening:2014-02-24 | |
---|---|
Date | 2014/02/24 |
Time | |
Location | ACTA |
Type | Workshop |
Contact | Melanie |
Capture The Flag evening - Part 8
- 24 February, 2014 - 7 PM
- Please bring along a laptop with you!!!
General CTF Info
- See the page for the Ctf-evenings
- Link to the Tech Inc Challenge Website Scoreboard
Codegate Retrospective
- We're happy with our performance at the Codegate CTF!
- Exploiting assembly code with a debugger is still one of our largest hurdles (with the exception of a few people)
- Discussion of problems - we discussed: Weirdshark and 120
- The write-ups for Codegate on CTFtime.org still aren't available yet!
- We'll email a link to the write-ups when they are available, and can discuss them on the mailing list.
Infra issues
- Marielle saved a copy of the pad contents from Riseup.net (before it disappears), and will email a link to the ctf mailing list
- We need a better way of sharing stuff
- Dimitris set up some great infra, including a file uploader
  - Melanie sent a link to the CTF mailing list with the URL and the login credentials
  - Melanie wasn't able to successfully upload IDA Pro though -- file size limit issues
  - Another limitation is that we can't arrange things into folders ourselves
  - Coolfile also set up a Knuffelhackers (FTP) server (and emailed the details to the ctf list), since 2 options are better than 1 :-)
- During the next CTF, we should definitely use Dimitris' Etherpad infrastructure:
  - http://0x41414141.info/pad/
IDA Pro
- IDA Pro was AWESOME for decompiling and reversing!!!
  - We definitely need to have an IDA Pro reversing evening -- we'll plan this in
  - But first we need to share it with everybody
  - Melanie created a Windows VM with IDA. She can share it with everybody once the file sharing infrastructure is ready.
Next CTF
- Next CTF? We are thinking that 1 CTF/month is a good amount: enough to keep us in practice, but not so much that it burns people out (because CTFs suck up an entire weekend).
  - If VUBAR plays on other weekends, that is always an option for people who want to play more than once/month
  - We aren't sure yet which one we want to do. We are going to look at ctftime.org, think about it, and come back with ideas next week
Intro to x86 Disassembly
- We're gonna look at Chapter 2 (Programming - start at Page 19 'Getting your hands dirty') of this book:
  - Hacking: the Art of Exploitation (http://rogunix.com/docs/Reversing&Exploiting/Hacking%20-%20The%20Art%20of%20Exploitation_2nd%20Ed.pdf)
  - You can get the Live CD here: http://www.nostarch.com/hackingCD.htm
- We talked about calling conventions (cdecl, stdcall, fastcall, etc.) and how they influence function prologues, epilogues, stack cleanup, the order of parameter passing, etc.
  - Homework - have a look at: Wikibooks:Calling_Conventions (http://en.wikibooks.org/wiki/X86_Disassembly/Calling_Conventions)
- Explanation of commonly used x86 ASM instructions: Reverse Engineering Cheat Sheet (http://coolfire.insomnia247.nl/BMA/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf)
- Commonly used gdb commands: GDB-Tips, GDB Cheat Sheet (http://darkdust.net/files/GDB%20Cheat%20Sheet.pdf)
- We went through pages 19-30 on the beamer, and interactively with GDB in the live CD, with people asking questions
  - Homework: read pages 1-30 of 'Hacking: the Art of Exploitation' in detail (following along in the Live CD)