9447 writeup reverse_rolling

•Download as PPTX, PDF•

0 likes•441 views

The document discusses reversing an encryption algorithm to find a flag. It notes that the encryption starts with "9447" and relates each character's index i to the character at index i-4 with an offset. The offsets provided decode to the flag "9447{9447rollingisfun}". References for more information are also provided.

Technology

• Windows 8.1
• IDA 6.6
• Kali Linux adm64
• EDB (動態調適器)

Libc 6 required
• To solve it, add the following line to the sources.list:
• deb http://ftp.debian.org/debian sid main
• Then install a new linbc:
• apt-get update
• apt-get -t sid install libc6-dev

Call rax?
• 轉動態調適
• 過 4006c7 直接 F7 進 call rax
• 觀察1
• 參數給 test

• "57 102 108 97 103 115 115
116 97 114 116 119 105 116
104 57",
• which is "9flagsstartwith9"

• 觀察二
• Start with 9: 參數給 “9abc123”
• rax 指向另一檢查 function

結論
• 開頭是 9447
• 接下來 ith char 都 relate 到 (i-4)th char
• 用 (i-4)th char + {offset}
• Offsets: +57 +59 +56 +53 -9 -1 -5 -3 +10 -8 +14 +5
• => flag is: “9447{9447rollingisfun}”

Ref.
• http://theevilbit.blogspot.tw/2014/12/9447-ctf-2014-writeup-
reversing-125100.html

Recently our team researched various ntos subsystem attack vectors, and one of the outputs we will present in our talk. DeathNote as our internal code name to this component, which resides in Microsoft Windows kernel, hiding behind different interfaces and exposed to user differently. What can goes bad with it? Basically two kinds of problems, one is syscall handling via direct user interaction. We will describe how to obtain basic understanding of what's going on, how it interacts with other components and what is its purpose. With those knowledge we will dig deeper how to make more complex fuzzing logic to cause enough chaos that will end up in unexpected behaviors in Windows kernel, and demonstrate some of them. And as for second, as it hints from title, this module does bit of data parsing, so we will dive deep into internals, pointing out some available materials, and move on to reverse engineered structures and internal mechanism. We will show how some tricks can outcome with various results, and how structured approach can expose more problems than is expected. --- Peter Hlavaty Peter is a Lead for Windows Kernel Research at Keen Lab of Tencent (originally known as KEEN Team). With primary focus on vulnerability discovery and novel exploitation techniques dev. Presenting his research on various conferences such as Recon, Syscan, ZeroNights, NoSuchCon and others. Prior to Keen, Peter was AV (ESET) guy, with 4+ years of experience in that field switched to offensive software security research focused on windows and linux kernel architectures. Pwnie nominee and pwn2own 2015 & 2016(MoP) winner, occasionally CTF player. Besides software security field, doing his best as wushu player as well. --- Jin Long 金龙 Tencent Keen Security Lab researcher, 6 years programming experience, 4 years security experience. Former TrendMicro employee, now focused on Windows security research at Keen Security Lab. Pwn2Own 2016 winner (Master of Pwn by final Edge to SYSTEM escape).

Logstash

琛琳饶

'Scalable Logging and Analytics with LogStash'

Cloud Elements

Rich Viet, Principal Engineer at Cloud Elements presents 'Scalable Logging and Analytics with LogStash' at All Things API meetup in Denver, CO. Learn more about scalable logging and analytics using LogStash. This will be an overview of logstash components, including getting started, indexing, storing and getting information from logs. Logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching).

Logging with Elasticsearch, Logstash & KibanaAmazee Labs

How bol.com makes sense of its logs, using the Elastic technology stack.

Renzo Tomà

Presentation given by Renzo Tomà as "Tech and Use Case Deep Dive", during the Elastic{ON}Tour 2015 event in Amsterdam on October 29th. Explanation of how bol.com is using the Elastic ELK stack to power a logsearch platform. Lots of details on the types of sources and number of feeds. Some history and reasoning why the current set of in-process JSON based logshippers are used. Links to the bol.com github account for the logshipper projects. The presentation ends with two special sauces: fun things you can do with lots of data in Elasticsearch. The 1st sauce is 'the call stack' - tagging each request with a unique ID, passing that ID along to all service calls and making sure this ID ends up in all access logging, enables you to group all calls together and get a call stack. The 2nd sauce is a way of generating a service map using access logging and some logstash magic. I love questions and feedback. My mail address can be found in the presentation.

A presentation about the deployment of an ELK stack at bol.com At bol.com we use Elasticsearch, Logstash and Kibana in a logsearch system that allows our developers and operations people to easilly access and search thru logevents coming from all layers of its infrastructure. The presentations explains the initial design and its failures. It continues with explaining the latest design (mid 2014). Its improvements. And finally a set of tips are giving regarding Logstash and Elasticsearch scaling. These slides were first presented at the Elasticsearch NL meetup on September 22nd 2014 at the Utrecht bol.com HQ.

Devoxx france 2015 influxdb

Nicolas Muller

Exploits & Mitigations - Memory Corruption Techniques

Cysinfo Cyber Security Community

Openstack 簡介

kao kuo-tung

Working with large archives in AtoM in National Library of Wales

Vicky-Phillips

Arvados: Achieving Computational Reproducibility and Data Provenance in Large...

Arvados

HD5870 Matrix Factory

JawedAshraf

Faceting Optimizations for Solr: Presented by Toke Eskildsen, State & Univers...

Lucidworks

Utilizing the open ntf domino api

Oliver Busse

Logstash family introduction

Owen Wu

Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.

Airat Khisamov

Influxdb

Nguyen Ngoc Lieu

Webinar: What's new in Neo4j 2.0 Neo4j

Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana

Md Safiyat Reza

Apk 分析工具整理

Pu Lee

Fiddler 網頁除錯工具

Pu Lee

What's hot

Apache zeppelin, the missing component for the big data ecosystem

Duyhai Doan

証明駆動開発のたのしみ@名古屋reject会議Hiroki Mizuno

{{more}} Kibana4

琛琳饶

Enable IPv6 on Route53 AWS ELB, docker and node App

Fyllo

Habits of Effective Sqoop Users

Kathleen Ting

Logging logs with Logstash - Devops MK 10-02-2016

Steve Howe

Scaling an ELK stack at bol.com

Renzo Tomà

Devoxx france 2015 influxdb

Nicolas Muller

Exploits & Mitigations - Memory Corruption Techniques

Cysinfo Cyber Security Community

Openstack 簡介

kao kuo-tung

Working with large archives in AtoM in National Library of Wales

Vicky-Phillips

Arvados: Achieving Computational Reproducibility and Data Provenance in Large...

Arvados

HD5870 Matrix Factory

JawedAshraf

Faceting Optimizations for Solr: Presented by Toke Eskildsen, State & Univers...

Lucidworks

Utilizing the open ntf domino api

Oliver Busse

Logstash family introduction

Owen Wu

Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.

Airat Khisamov

Influxdb

Nguyen Ngoc Lieu

Webinar: What's new in Neo4j 2.0 Neo4j

Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana

Md Safiyat Reza

What's hot (20)

Apache zeppelin, the missing component for the big data ecosystem

証明駆動開発のたのしみ@名古屋reject会議

{{more}} Kibana4

Enable IPv6 on Route53 AWS ELB, docker and node App

Habits of Effective Sqoop Users

Logging logs with Logstash - Devops MK 10-02-2016

Scaling an ELK stack at bol.com

Devoxx france 2015 influxdb

Exploits & Mitigations - Memory Corruption Techniques

Openstack 簡介

Working with large archives in AtoM in National Library of Wales

Arvados: Achieving Computational Reproducibility and Data Provenance in Large...

HD5870 Matrix Factory

Faceting Optimizations for Solr: Presented by Toke Eskildsen, State & Univers...

Utilizing the open ntf domino api

Logstash family introduction

Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.

Influxdb

Webinar: What's new in Neo4j 2.0

Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana

Viewers also liked

Apk 分析工具整理

Fiddler 網頁除錯工具

Android 逆向之旅(下)

Android 逆向之旅(上)

Git Flow 管理

Pxe網路開機

Viewers also liked (6)

Apk 分析工具整理

Fiddler 網頁除錯工具

Android 逆向之旅(下)

Android 逆向之旅(上)

Git Flow 管理

Pxe網路開機

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

The Future of Platform Engineering

Jemma Hussein Allen

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Recently uploaded (20)

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

When stars align: studies in data quality, knowledge graphs, and machine lear...

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Monitoring Java Application Security with JDK Tools and JFR Events

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

The Future of Platform Engineering

Connector Corner: Automate dynamic content and events by pushing a button

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Generating a custom Ruby SDK for your web service or Rails API using Smithy

The Art of the Pitch: WordPress Relationships and Sales

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

Securing your Kubernetes cluster_ a step-by-step guide to success !

PCI PIN Basics Webinar from the Controlcase Team

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Leading Change strategies and insights for effective change management pdf 1.pdf