Here are some of my blog posts, covering CTF write-ups and other things of interest to me.

Posts

  • picoCTF - Insp3ct0r with Jupyter

    I am experimenting with Jupyter notebooks for solving CTF problems. Here is a notebook converted to a blog entry. You can find the original Jupyter Notebook file here.

    Problem Statement

    Kishor Balan tipped us off that the following code may need inspection: https://2019shell1.picoctf.com/problem/63975/ or http://2019shell1.picoctf.com:63975

    Read more »
  • picoCTF 2019 - Shark on the Wire 2 aka 'Mama Shark'

    Back to another picoCTF challenge, this time to a challenge that is more in my wheelhouse. Network traffic forensics… specifically “shark on the wire 2” for 300 points. There is a first challenge in this series, which would be Baby Shark, so this one is Mama Shark.

    Read more »
  • picoCTF 2019 - Overflow 1 - 'A PWNy For Your Thoughts'

    I have never really been that great at binary exploitation challenges. But I am fascinated with return oriented programming attacks and the concept of weird machines. To this end, I am intentionally working on getting better and wanted to blog about some of my recent work with pwn challenges and some cool tools and tricks I have learned. This is very much an introductory coverage of binary exploitation, but maybe even those more experienced will see something new here. This will hopefully be the first of many posts on pwn and lead to some rop challenges.

    Read more »
  • RC3CTF 2017 - Math Class Writeup

    I participated with BitsForEveryone in RC3CTF. There were five coaches from the C3T team competing and we finished in 12th place with a total of 1850 points. Pretty good showing. Lots of interesting problems.

    Though we did not get the 400 points for this problem since I finally solved it 20 minutes after the end of the competition, I want to post a writeup since it was very cool.

    This problem was worth 400 points and was the 4th in a series of classroom or school themed problems in the crypto category. English Class, Science Class, History Class, Math Class and finally Report Card were the series of five challenges, worth 100, 200, 300, 400 and 500 points. We did successfully solve Science and History for those 500 points.

    We are presented with a PDF file containing a series of two digit addition problems as shown below.

    math_problems

    Read more »
  • C3T Tryout Challenges - Stevie and Ray

    For our internal CTF for tryouts the past two years, I have had a series of challenges called Stevie and Ray.

    These challenges were favorites with the cadets. Both challenges were released in the Fall 2016 challenge with many solves for the first part, but none for the second. For Fall 2017, I re-released Stevie and Ray 2 and it had 3 or 4 solves this semester. In this post, I will reveal the details of how Stevie and Ray are created, and how they can be solved.

    StevieNJamie

    Stevie Wonder and Jamie Foxx playing the role of the late great Ray Charles

    Read more »
  • C3T Tryouts

    Wanna be a Wizard?

    Use your magic time traveling eye and find the flag on this site

    Read more »
  • Gamification in a Network Engineering Class

    In my IT350 course, I like to add some capture the flag events on the final project as bonus questions. I take this opportunity to expose the students to CTF games and also allow them to go deeper on a subject that has been covered in class.

    This semester I had a three part problem with three flags. The first two flags were worth three points each and the last one was for four points. The flags were to be solved in order and the difficulty increased with each one. Below is the problem statement given in the assignment:

    Read more »
  • EECS cadets, faculty enter live Codewarz for first time

    This article previously appeared here.

    Codewarz is a programming competition designed by and for active duty cyber Soldiers to sharpen computer programming and coding skills of Soldiers in a world with constant cyber challenges. Codewarz is hosted by the Cyber Protection Brigade at Fort Gordon, Georgia and it hosts a series of programming competitions throughout the year.

    The competitions have two components, live and online competitions. The live competition was held for the first time at the U.S. Military Academy Jan. 21.

    “The event features programming challenges that include a wide range of topics from traditional computer science type problems to more applied cyber-related problems,” Maj. Benjamin Klimkowski, assistant professor in the Electrical Engineering and Computer Science Department, said.

    Read more »
  • 2016 SANS Holiday Hack Challenge Writeup

    The great folks at SANS and CounterHack have brought us another adventure in the land of Josh and Jessica Dosis. This year's challenge is called Santa’s Business Card. The game can be found here. After saving the world from the nefarious plot of the ATNA Corporation last year, siblings Josh and Jessica find themselves in a pickle when Santa gets kidnapped from their house on Christmas Eve. All that is left is Santa’s business card. It's up to us to help the Dosis kids save Christmas (again…).

    Read more »
  • Cadet Competitive Cyber Team finishes in Top 10 at competition

    This article previously appeared here.

    Four members of the Cadet Competitive Cyber Team (C3T) spent 36 straight hours over Veterans Day Weekend hacking into New York University, Tandon School of Engineering computers. These actions were fully endorsed by NYU and part of the Cyber Security Awareness Week (CSAW) North American Capture the Flag (CTF) Championship.

    This annual event features teams from the top computer science schools in the nation. West Point’s team advanced to the championship round for the sixth straight year, and finished in ninth place—the highest finish ever for the team known in hacking competitions as BitsForEveryone (BFE).

    Read more »
  • 2016 EKO Party CTF Old But Gold Writeup

    As part of BitsForEveryone, I competed in EKO Party CTF 2016. This CTF had a great Misc 250 point challenge called “Old But Gold.”

    My students immediately pointed this challenge out to me since they knew I loved punch cards. A few months prior, I had written a challenge for our internal try-out CTF in which they were given a base64 encoded ASCII art image of an IBM-29 punch card with a message encoded for them. It was a favorite for the students. It took me about 20 minutes to repurpose my code to solve this challenge.

    Read more »