I did not solve this level. The description involved solving a maze using A* search algorithm in Python. I tried implementing the algorithm but could not get the correct output/flag within the limited time frame of the CTF. This level required significant programming skills that I did not possess.
A collection of techniques that allow users to escalate privileges to local administrator and then to NT Authority\System. On a Windows domain, readers can use the described techniques to escalate to domain administrators.
The document provides a walkthrough for 12 levels of the HackIM 2011 capture the flag competition. For each level, it describes any hints or clues, screenshots of relevant information, and step-by-step instructions for solving the level. It also identifies potential pitfalls or distractions in solving each level. The walkthrough is intended to help participants learn how to solve the various challenges of the HackIM competition.
My solution to malware.lu HackGyver's challenges. - Aodrulez
The document describes the author's process for solving two challenges presented in malware binaries - one for Windows and one for Linux. For the Windows binary, the author used IDA Pro and Ollydbg to analyze the code and determine that the valid PIN was 5 characters long. An AutoIT script was created to brute force all possibilities, finding the PIN "13044" within 30 minutes. The Linux binary challenge was initially avoided due to time constraints but was analyzed the next day using GDB after the author's internet was down.
writing self-modifying code and utilizing advanced assembly techniques - Russell Sanford
This document provides instructions for creating shellcode using only alphanumeric characters. It begins by outlining the plan, which is to use IMUL and XOR instructions to reconstruct bytes not in the alphanumeric range. It then provides a blueprint, explaining how IMUL and XOR can be used to generate needed values. The first code example walks through transforming an existing 24-byte shellcode into an alphanumeric version by pushing and popping values and using XOR to zero registers.
Reverse-engineering: Using GDB on Linux - Rick Harris
At Holberton School, we have had a couple rounds of a ‘#forfun’ project called crackme. For these projects, we are given an executable that accepts a password. Our assignment is to crack the program through reverse engineering.
I just cannot pass by the source code of ICQ messenger. It is a kind of a cult project, and when I saw the source code on GitHub, it was just a matter of time, when we will check it with PVS-Studio. Of course, we have a lot of other interesting projects that are waiting to be checked. For example, we have recently checked GCC, GDB, Mono. Finally, it's the turn of ICQ.
The document provides hints and solutions for various levels of a CTF (capture the flag) competition. It includes 7 sections with 5 levels each related to topics like trivia, cryptography, programming, web exploitation, reverse engineering, log analysis, and forensics. For each level, it describes the challenge, any provided hints, analysis of clues, and the final flag solution. The author encourages readers to try solving the challenges independently before reviewing the writeup.
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio - Andrey Karpov
The document discusses analyzing the source code of Microsoft Word 1.1a from 1990 using the PVS-Studio static analyzer. Some key findings include:
1. An infinite loop was found in a function due to an unsigned variable being decreased indefinitely.
2. A typo led to an array overrun by accessing beyond the bounds of a 5 element array.
3. Several instances of undefined behavior were discovered where variables were modified between uses.
4. Other issues included uninitialized variables, incorrect format strings in printf, and logical errors in conditions.
Despite the age of the code, the analysis revealed several bugs, demonstrating static analysis remains useful on older code bases.
Static code analysis is performed to analyze code quality, design, vulnerabilities, and bugs without executing the code. Types of static analysis include checking code style, security, errors, duplicates, secrets, comments, unused code, and complexity. Cyclomatic complexity measures code complexity more accurately than lines of code. It is calculated using McCabe's function based on the number of edges, nodes, and connected components in the control flow graph of the code. Higher complexity leads to reduced readability, testability, and maintainability. Checking complexity per method can provide insight into violations of principles like single responsibility. Keeping code simple, dry, and solid improves quality.
XCon 2014 => http://xcon.xfocus.org/
In the past it was quite common to exploit heap / pool manager vulnerabilities by attacking their internal linked structures. However, current memory management has improved a lot, and at the current date it is quite ineffective to attack the heap in this way. But those techniques still come in handy when we start looking at linked structures widespread throughout the kernel that are unfortunately not hardened enough.
In this presentation we will examine the power of these vulnerabilities through the famous example “CVE-2013-3660”, showing a bypass of the ‘lazy’ assertions of _LIST_ENTRY, presenting the exploitation after-party and a teleport to the kernel.
The document discusses an employee who left the company to work for an embedded systems company. The employee was concerned about the poor code quality at the new company. The employee is now trying to improve the code quality by introducing concepts like static analysis and version control that were emphasized at the previous company. The document includes examples of common coding issues and a paper the employee wrote to address these issues at the new company. The conclusion expresses hope that the situation is improving at the new company but also sadness that many programmers at large companies are unaware of modern development practices.
- The document discusses serialization and deserialization of objects for transfer between systems. It compares JSON and optimized JSON formats.
- JSON is more human-readable but has greater memory overhead and reduced compressibility compared to optimized formats like protocol buffers which can improve performance.
- The document recommends designing data transfer objects (DTOs) to optimize for smaller size and better compression when communicating with servers.
Finding bugs in the code of LLVM project with the help of PVS-Studio - PVS-Studio
About two months ago I wrote an article about the analysis of GCC using PVS-Studio. The idea of the article was as follows: GCC warnings are great, but they're not enough. It is necessary to use specialized tools for code analysis, for example, PVS-Studio. As proof of my words I showed errors that PVS-Studio was able to find in the GCC code. A number of readers have noticed that the quality of the GCC code, and its diagnosis, aren't really great; while Clang compiler is up to date, of high quality, and fresh. In general Clang is awesome! Well, apparently, it's time to check LLVM project with the help of PVS-Studio.
Productive Use of the Apache Spark Prompt with Sam Penrose - Databricks
Effective programmers work in tight loops: making a small code edit, observing its effect on their system, and repeating. When your data is too big to read and your system isn’t local, println() won’t work. Fortunately, the Spark DataFrame and Dataset APIs have your back. Attendees will leave with better tools for exploring large datasets and debugging distributed code with Spark, and a better mental model of distributed programming at scale.
The Ultimate Question of Programming, Refactoring, and Everything - Andrey Karpov
Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The author is Andrey Karpov - technical director of "Program Verification Systems", a team of developers, working on PVS-Studio static code analyzer. Having checked a large number of open source projects, we have seen a large variety of ways to shoot yourself in the foot; there is definitely much to share with the readers. Every recommendation is given with a practical example, which proves the currentness of this question. These tips are intended for C/C++ programmers, but usually they are universal, and may be of interest for developers using other languages.
Deep learning uses neural networks with many hidden layers to learn representations of data with multiple levels of abstraction. It has been shown to outperform simpler models with fewer layers on complex tasks like image and speech recognition. Deep learning works by defining a set of candidate functions (neural networks) and using gradient descent to optimize the network parameters to minimize loss on training data. Deeper networks with more parameters generally perform better but require large datasets and computational resources to train effectively.
Creating mBlock Extensions allows users to write custom blocks for mBlock by creating extensions. There are two main modes for blocks - Scratch Mode which connects to a computer, and Arduino Mode which runs programs on a robot independently. Writing an extension involves defining how blocks appear, generating Arduino code, and programming behavior in Scratch Mode via JavaScript. Extensions are packaged and distributed and can be shared online for others to download and use.
Analyzing the Blender project with PVS-Studio - PVS-Studio
We go on analyzing open source projects and making the software world better. This time we have checked the Blender 2.62 package intended for creating 3D computer graphics.
Beijing Perl Workshop 2008 Hiveminder Secret Sauce - Jesse Vincent
Template::Declare is a pure Perl templating engine that allows templates to be treated like code. Templates can be refactored, use object orientation and mixins. Tags are implemented as closures that can output content immediately or return closures. CSS::Squish is a CSS compiler that combines multiple small CSS files into one large file for easier serving, improving performance by allowing browsers to cache the combined file.
This document provides an overview of LLDB, an open-source debugger developed by Apple. It discusses LLDB's architecture, how it uses Clang and is scriptable/pluggable. It also summarizes how LLDB sets breakpoints, evaluates expressions by running on the target process, and prints structured variables using Clang type representations. Testing for LLDB consists of around 20 test cases written in Python. There is opportunity for external contributors to help with areas like testing and improving the CLI.
The document introduces the Boo programming language, which was created by the author out of frustration with existing languages and a desire to take advantage of the .NET framework features. Boo aims to have a Python-like syntax while still providing static typing, automatic type inference, and extensibility through features like syntactic attributes and macros. The goals of Boo include having a clean syntax, syntactic sugar for common patterns, and allowing programmers to take full advantage of the .NET framework and Common Language Infrastructure.
When Good Code Goes Bad: Tools and Techniques for Troubleshooting Plone - David Glick
Using real issues encountered in the wild, this session will help beginning integrators gain confidence in knowing what to do when Plone fails to behave as expected. Learn how to solve common problems like "My changes aren't taking effect" and "My Zope instance won't start," as well as how to use pdb to investigate more complex Python errors.
This talk is targeted at integrators who have some experience with Plone, but who are not confident in troubleshooting errors and other unexpected behavior. Knowledge of Python is not required, though at least a cursory familiarity with some programming language will make the talk more digestible.
Hiveminder - Everything but the Secret Sauce - Jesse Vincent
Ten tools and techniques to help you:
Find bugs faster
Build web apps
Ship software
Get input from users
Own the Inbox
Today's talk
This document discusses 7 reasons for code bloat, including: 1) underestimating the time needed to understand a new project; 2) maintaining code without proper tools; and 3) developers not reading documentation or existing code before starting work. It argues that developers often try to solve problems their own way before listening to existing solutions or documentation. Proper documentation and planning time for understanding projects are presented as ways to avoid bloated code.
This document provides an introduction to a course on machine learning. It discusses the large amounts of data now available due to factors like the internet and big data. It also introduces programming and machine learning concepts like data types, variables, conditionals, loops, functions, and classes. Python is presented as a useful programming language for machine learning, with examples of code shown. Setting up an environment with Anaconda and Jupyter Notebook is also covered to allow hands-on coding practice.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf - Malak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Driving Business Innovation: Latest Generative AI Advancements & Success Story
C0c0n 2011 CTF Walkthrough
Riyaz Walikar a.k.a karniv0re
http://www.riyazwalikar.com
Greetings fellow readers!! As usual another great CTF has ended and most of us who played this have
lost some hair from their heads with the collective effort of yanking it out or banging our heads on the
nearest walls. On a more serious note, people who thought only 'corrupt' could be nightmarishly
creepy, you can now go ahead and add Anant a.k.a infinity to the list!
Great job guys, to the team who made this possible!!
This was all in all, an enjoyable event, with the levels being fairly designed to supposedly increase in
order of complexity, frustration and technical incoherence as you progressed up. I managed to finish all
except one level, which I will come to in a bit.
The CTF was divided into multiple sections as listed below and each section had 3 levels.
1. Crypto Levels – Mostly to do with some sort of cipher/obfuscation/symbol substitution.
2. Programming Levels – Programming related questions. People actually had to write programs!!
3. Reverse Engineering Levels – Reverse engineering binaries, PYCs and APKs.
4. Log Analysis Levels – Analysis of Apache logs, PMLs and Wireshark Pcap dumps.
As is with all CTFs, different people would have different approaches which may lead to the same
answer that enables you to complete a level and unlock the next. This is my approach and I agree it is
not the best, not the most elegant or the most uber out there, but hell it worked. I have also tried to
tag the levels based on their difficulty as Easy, Average, Hard and WTF! This categorization/classification
is entirely based on my experience with the CTF and is entirely my opinion. Your opinion may differ so
don’t take it too seriously.
Crypto Levels
Crypto Level 1
URL: http://nullcon.net/challenge/c0c0n/clevel-1.php
Difficulty: Average
Solution: The source code of the page shows two HTML comments. The first one appears to be an
obfuscated/encoded string. The '==' at the end points us to the string being base64 encoded. However a
subsequent decoding does not provide anything conclusive.
The second HTML comment is an apparent clue to the use of ROT-13 before you decode the string using
Base 64.
Having played a similar level at last year’s nullcon HackIM challenge, this wasn’t very hard. Using the
ROT-13 decoder at http://web.forret.com/tools/rot13.asp, I obtained the following:
Base 64 decoding this, after adding the necessary padding gives:
Call it intuition or just the way the characters were arranged, this had to be re-Base64 decoded!!
A quick Google search for "Google Beer" gives "URKontinent". Converting this to title case gives
"Urkontinent" which is the flag.
Crypto Level 2
URL: http://nullcon.net/challenge/c0c0n/clevel-2.php
Difficulty: Easy
Solution: This one was easy because I had recently finished reading The Code Book by Simon Singh. The
book’s appendix contains an explanation of the symbol substitution. This has also been depicted in the
Dan Brown book, The Lost Symbol. This is a mono-alphabetic simple geometric substitution cipher called
Pigpen Cipher (also called the Masonic Cipher).
For people who have never heard of this before, a quick Google search for "Image Ciphers" also provides
obvious clues to this being the Pigpen Cipher substituted string. Decoding this is straightforward with
the help of the following key.
The code then translates to the string "FLAGISTHENAMEGIVENTOTHEENLIGHTENEDGROUP". A quick
Google search for "name given to the enlightened group" gives "Illuminati" as the first result which also
happens to be the flag!!
Crypto Level 3
URL: http://nullcon.net/challenge/c0c0n/clevel-3.php
Difficulty: Average
Solution: The level description was the hint. This is written in the Braille system which is a method that
is widely used by blind people to read and write, and was the first digital form of writing (source:
Wikipedia). Using a Braille Character Chart, the above text can be decoded to:
I devised Braille in 1825 based on a method of communication originally developed by Charles Barbier.
Who am I?
Google and general knowledge tells you the answer is Louis Braille which also happens to be the flag!
Programming Levels
Programming Level 1
URL: http://nullcon.net/challenge/c0c0n/plevel-1.php
Difficulty: Hard
Solution: This level was one of the crappiest. Finally wrote a Python script to generate the necessary
number. The pseudocode is as below:
    a = 0
    b = a + 1
    for (x = 0 to 31334)
        c = a + b
        a = b
        b = c
    a = hex(c)
    for (x = 0 to len(a))
        if (x mod 3 == 0)
            p = a.position(x-1)
            b = b + todecimal(p)
    print b
The final answer that the script would generate is 13590 which is the flag for this level.
Programming Level 2
URL: http://nullcon.net/challenge/c0c0n/plevel-2.php
Difficulty: Average
Solution: A quick Google search for "Goldbach Partition" or "Goldbach’s Conjecture" generates a lot of
helpful results. Basically, it states that every even integer greater than 2 can be expressed as the sum of
two primes.
There are two ways of doing this: Method 1 is to write a program to identify all primes smaller than
13590 and then check all combinations of their sums to see whether they equal 13590. A comma separated
list of the result would be the answer.
Method 2 is for the lazy types like me. Google for an online generator, which, although it sounds like a
straightforward job, requires some special Googling skills. Format the output in CSV format and paste it
in the flag box.
The flag is the following string of numbers:
13,13577,23,13567,37,13553,53,13537,67,13523,103,13487,113,13477,127,13463,139,13451,149,13441
,173,13417,179,13411,191,13399,193,13397,223,13367,251,13339,263,13327,277,13313,281,13309,293
,13297,331,13259,349,13241,373,13217,419,13171,431,13159,439,13151,443,13147,463,13127,487,131
03,491,13099,541,13049,547,13043,557,13033,587,13003,607,12983,617,12973,631,12959,673,12917,6
83,12907,691,12899,701,12889,761,12829,769,12821,809,12781,827,12763,877,12713,887,12703,919,1
2671,937,12653,953,12637,971,12619,977,12613,1013,12577,1021,12569,1049,12541,1051,12539,1063
,12527,1087,12503,1093,12497,1103,12487,1117,12473,1153,12437,1181,12409,1213,12377,1217,1237
3,1289,12301,1301,12289,1321,12269,1327,12263,1427,12163,1429,12161,1433,12157,1447,12143,147
1,12119,1481,12109,1483,12107,1489,12101,1493,12097,1549,12041,1553,12037,1579,12011,1583,120
07,1609,11981,1619,11971,1621,11969,1637,11953,1657,11933,1663,11927,1667,11923,1693,11897,17
23,11867,1759,11831,1777,11813,1783,11807,1789,11801,1801,11789,1811,11779,1847,11743,1871,11
719,1873,11717,1889,11701,1901,11689,1913,11677,1933,11657,1973,11617,1993,11597,1997,11593,2
003,11587,2011,11579,2039,11551,2063,11527,2087,11503,2099,11491,2143,11447,2153,11437,2179,1
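Method 1 described above, written out as an added example (not the author's code and not part of the original walkthrough). It sieves the primes up to the target and keeps every pair p <= q with p + q equal to it; the function names are chosen here for illustration.

```python
from math import isqrt


def prime_sieve(limit):
    """Sieve of Eratosthenes: sieve[i] is 1 when i is prime, else 0."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"          # 0 and 1 are not prime
    for i in range(2, isqrt(limit) + 1):
        if sieve[i]:
            # Strike out every multiple of i, starting at i*i.
            sieve[i * i :: i] = bytes(len(range(i * i, limit + 1, i)))
    return sieve


def goldbach_partitions(n):
    """Return all (p, q) with p <= q, both prime, and p + q == n."""
    if n <= 2 or n % 2:
        raise ValueError("n must be an even integer greater than 2")
    sieve = prime_sieve(n)
    # Only walk p up to n/2 so each unordered pair is reported once.
    return [(p, n - p) for p in range(2, n // 2 + 1) if sieve[p] and sieve[n - p]]


def as_csv(pairs):
    """Flatten the pairs into the comma-separated form the level expected."""
    return ",".join(f"{p},{q}" for p, q in pairs)


if __name__ == "__main__":
    pairs = goldbach_partitions(13590)   # 13590 is the target given on the page
    print(len(pairs), "partitions")
    print(as_csv(pairs))
```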
Solution: The guys who thought of this level get some extra credit. The level description presents an
MD5 hash that supposedly is the MD5 of the password (flag) for this level. However a quick look at the
page source code shows the following HTML comment.
The server code logic, if it uses this pseudo code, takes the input value from the user submitted form,
MD5 hashes it and then compares only the first 8 characters with an internal hash (which happens to be
the MD5 hash printed on the page).
In simpler words, you would need to input a string whose MD5 hash’s first 4 bytes (8 hex characters) match
"a180ce8a". This sounds awfully easy and looks possible since there exist multiple strings whose MD5
hashes’ first 8 characters match.
How wrong I was!! The MD5 algorithm was designed so that a minimal change to the input
(even a single bit) results in a completely different hash. MD5 is now known to have
collisions, which means that 2 unique data sets can be created with identical MD5 hashes. However
generating a plain text for a predefined hash, also called a preimage attack, still remains nearly
impossible. The best we can do is brute force by generating multiple possible combinations of data and
attempt to match hashes.
It is true that there are multiple strings whose MD5 hashes have common first 8 characters, however it
was not true in this case. Or maybe I should have attempted a comparison with a larger data set. I
generated over 3 million unique character combinations and attempted to match the first 8 characters
of the hashes, but after several hours of full CPU utilization I still had no luck. I am sure this is achievable
but requires a larger data set and a faster processor. For the adventurous, here’s my Python code:
I ran it for a little over 8 hours and was not able to find any string which satisfied the script. I am
currently running a more complex version of this script on a more powerful server back in office for the
past 3 days, hoping to see something before the end of this week.
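The truncated comparison described above, next to a full-digest comparison, as an added example (not the author's script and not the challenge's server code). Only the prefix "a180ce8a" comes from the page; the rest of the stored hash is a zero-filled placeholder, and the search is limited to the first 4 characters so it finishes in seconds.

```python
import hashlib
import hmac

PAGE_PREFIX = "a180ce8a"              # the 8 hex characters quoted on the page
STORED = PAGE_PREFIX + "0" * 24       # placeholder tail: the full hash is not on the page


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def truncated_check(candidate, stored_hex, hex_chars=8):
    """Flawed check as the page describes it: only a prefix of the digest is compared."""
    return md5_hex(candidate)[:hex_chars] == stored_hex[:hex_chars]


def full_check(candidate, stored_hex):
    """Corrected check: the whole digest, compared in constant time."""
    return hmac.compare_digest(md5_hex(candidate), stored_hex)


def expected_tries(hex_chars):
    """Average number of random inputs needed to hit one fixed prefix."""
    return 16 ** hex_chars


def hit_probability(tries, hex_chars):
    """Chance that at least one of `tries` random inputs matches a fixed prefix."""
    return 1.0 - (1.0 - 16.0 ** -hex_chars) ** tries


def search_prefix(prefix, max_tries):
    """Try counter-based strings; return (candidate, attempts) or None."""
    for i in range(max_tries):
        candidate = f"probe-{i}"
        if md5_hex(candidate).startswith(prefix):
            return candidate, i + 1
    return None


def demo(hex_chars=4, max_tries=2_000_000):
    """Show that a prefix-only check accepts an input the full check rejects."""
    found = search_prefix(PAGE_PREFIX[:hex_chars], max_tries)
    if found is None:
        return None
    candidate, attempts = found
    return {
        "candidate": candidate,
        "attempts": attempts,
        "weak_accepts": truncated_check(candidate, STORED, hex_chars),
        "full_accepts": full_check(candidate, STORED),
    }


if __name__ == "__main__":
    print(demo())
    print("expected tries for 8 hex chars:", expected_tries(8))
    print("P(hit) with 3,000,000 tries:", hit_probability(3_000_000, 8))
```

For the 8-character prefix, `hit_probability(3_000_000, 8)` is about 0.0007, while the expected work is 16^8 (roughly 4.3 billion) hashes; comparing the full digest removes the shortcut entirely.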
Reverse Engineering Levels
Reversing Level 1
URL: http://nullcon.net/challenge/c0c0n/rlevel-1.php
Difficulty: Average
Solution: This level is straightforward if you know the right tools. APK files are compressed archives of
xml and dex files. A tool like Dex2jar can be used to extract the jar file from the cocon_apk.apk and
jd-gui can be used to decompile the jar file. The jar contained a public function called show_key that
returned a string.
The function, if carefully analyzed, produces the MD5 of the string "Key:Value;Challange:cocon;Date:"
and the system date. The system date is found in the HTML source code of the page.
The flag for this level would then be MD5(Key:Value;Challange:cocon;Date:2011-10-16) which is
f5d2fe1f612f022ee9033667963f5ae6
Reversing Level 2
URL: http://nullcon.net/challenge/c0c0n/rlevel-2.php
Difficulty: Easy
Solution: The level description gives the hint regarding this having something to do with .NET. In any
case, when you download the program you can run it through strings to find the following output.
Since this was a .Net application, I opened it using .Net Reflector to do an analysis. The button1_click
event contained some promising code.
The hex encoded text decodes to CeCmmUxzvPAIAVA9Udiv5ab07Q which is the flag for this level.
Reversing Level 3
URL: http://nullcon.net/challenge/c0c0n/rlevel-3.php
Difficulty: Hard
Solution: The cookpie.zip file contains a cookiepie.pyc file which is a compiled executable Python file.
What makes this level difficult is that there are very few Python decompilers available. Depython, an
online Python decompilation service, does not decompile version 2.6 compiled Python files, which was
the version in which cookpie was compiled.
I used a decompiler called Decompyle on Ubuntu and was provided with a pseudo bytecode/assembly
style output. The de-compiled output contained references to 3 variables: C0C09CTF, PIEKING and
DUMPMENOT. The final flag was the MD5 output of a combination of the username and the 3 variables.
Here’s the decompiled output of the pyc file. The interesting stuff happens in section 16 of the following
decompiled code.
            220 LOAD_ATTR               10 (hexdigest)
            223 CALL_FUNCTION            0
            226 LOAD_ATTR               11 (upper)
            229 CALL_FUNCTION            0
            232 BINARY_ADD
            233 PRINT_ITEM
            234 PRINT_NEWLINE
            235 JUMP_FORWARD            11 (to 249)
        >>  238 POP_TOP

 18         239 LOAD_CONST              12 ('Key is to try harder, not everything is found by executing files')
            242 PRINT_ITEM
            243 PRINT_NEWLINE

 19         244 LOAD_CONST              13 ('BTW i forgot to code the data stealer in this, although would have loved to')
            247 PRINT_ITEM
            248 PRINT_NEWLINE
        >>  249 LOAD_CONST               1 (None)
            252 RETURN_VALUE

consts
    -1
    None
    'welcome to COCON CTF'
    'C0C09CTF'
    'PIEKING'
    'Please enter your userid :'
    'DUMPMENOT'
    'Please enter your key : '
    ''
    2
    10
    'key is '
    'Key is to try harder, not everything is found by executing files'
    'BTW i forgot to code the data stealer in this, although would have loved to'
names ('re', 'os', 'hashlib', 'val', 'val243', 'raw_input', 'nm', 'val542', 'key', 'md5', 'hexdigest', 'upper', 'md', 'y', 'x', 'str', 'ord')
varnames ()
freevars ()
cellvars ()
filename '/home/anant/Desktop/CTF work/cookpie.py'
name '<module>'
firstlineno 2
lnotab
    0c010c010c010501060106010c0106010c011b0106010700060122010d01
    3f020501
The flag can be deduced from the decompiled code and was the MD5 of the following combination:
C0C09CTF + <username_in_reverse> + <username> + PIEKING + DUMPMENOT. The flag is obviously
different for every user, or for at least the username that is provided in the text box on the flag
submission page.
Log Analysis Levels
Log Analysis Level 1
URL: http://nullcon.net/challenge/c0c0n/llevel-1.php
Difficulty: Easy
Solution: This was pretty easy, mostly because of the amount of attention this had got on Full Disclosure
a few weeks ago. Anyways, the dump.zip contained a packet capture, and thanks to the creators
contained a LOT of redundant data.
Opening this file with Wireshark showed standard HTTP traffic, but what was noticeable was a number
of HTTP HEAD requests. A quick look at the header information via the Follow TCP Stream option in
Wireshark showed a long string of numbers being sent in the Range header. Since I had already worked
on this Denial of Service exploit before, the data appeared familiar. In any case, a Google search for
Range Bytes vulnerability produces several promising results.
The CVE-ID for this vulnerability was CVE-2011-3192 and the attacker’s IP clearly was 192.168.0.105.
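A detection sketch for the pattern described above, added here as an example and not taken from the walkthrough or the challenge: it parses request heads as they appear in Follow TCP Stream, counts the byte ranges in each Range header and tallies offenders by source address. The capture is constructed (only 192.168.0.105 comes from the page), and the threshold of 5 ranges is an assumption to tune.

```python
import re
from collections import Counter

RANGE_LIMIT = 5   # assumed alert threshold: more ranges than this is flagged

# Constructed capture: (source IP, raw request head). Not data from the pcap.
SAMPLE = [
    ("192.168.0.105", "HEAD / HTTP/1.1\r\nHost: target\r\nRange: bytes=0-,1-,2-,3-,4-,5-,6-,7-\r\n\r\n"),
    ("192.168.0.105", "HEAD / HTTP/1.1\r\nHost: target\r\nrange:bytes=0-,0-1,0-2,0-3,0-4,0-5\r\n\r\n"),
    ("192.168.0.20", "GET /doc.pdf HTTP/1.1\r\nHost: target\r\nRange: bytes=0-1023\r\n\r\n"),
    ("192.168.0.20", "GET /doc.pdf HTTP/1.1\r\nHost: target\r\nRange: bytes=0-99,200-299\r\n\r\n"),
    ("192.168.0.21", "GET / HTTP/1.1\r\nHost: target\r\n\r\n"),
]


def parse_request(raw):
    """Return (method, headers) where headers maps lower-cased names to value lists."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, headers


def parse_ranges(value):
    """Parse 'bytes=a-b,c-,-d' into (start, end) tuples (None = open); None if malformed."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = re.fullmatch(r"\s*(\d*)-(\d*)\s*", spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        start, end = (int(g) if g else None for g in m.groups())
        ranges.append((start, end))
    return ranges


def has_overlap(ranges):
    """True if any two ranges with an explicit start cover a common byte."""
    spans = sorted((s, float("inf") if e is None else e)
                   for s, e in ranges if s is not None and (e is None or e >= s))
    return any(nxt[0] <= cur[1] for cur, nxt in zip(spans, spans[1:]))


def findings(capture, limit=RANGE_LIMIT):
    """One finding per request whose Range header lists more than `limit` ranges."""
    out = []
    for src, raw in capture:
        method, headers = parse_request(raw)
        for value in headers.get("range", []):
            ranges = parse_ranges(value)
            if ranges and len(ranges) > limit:
                out.append({"src": src, "method": method,
                            "ranges": len(ranges), "overlap": has_overlap(ranges)})
    return out


def suspicious_sources(capture, limit=RANGE_LIMIT):
    return Counter(f["src"] for f in findings(capture, limit))


if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
    print(suspicious_sources(SAMPLE).most_common())
```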
Log Analysis Level 2
URL: http://nullcon.net/challenge/c0c0n/llevel-2.php
Difficulty: Average
Solution: This level involved reading an Apache log to identify the name of the database and the table
that was accessed by the attacker. As usual the creators of this level used whatever means possible to
bury this information as deep as possible since the log contained a LOT of redundant GET requests to
the server, including requests caused by running Grendel Scan!
If you scroll down slowly through the file, you will see that SQLMAP was used to exploit a SQL Injection
vulnerability and a LOT of requests show that database and table name enumeration was performed.
The following image shows the database name encoded in one of the requests. Note that the file was
first grepped for sqlmap and then parsed through a URL decoder to clean the output a bit.
The 67,84,70,95,67,48,67,48,57 can be quickly ASCII equated to CTF_C0C09 and the table name can be
obtained by constructing the characters from each log entry that reads table_schema=CTF_C0C09.
Database name: CTF_C0C09
Table name: key_efd231b97af472e52f2a5413bde54b3f
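The grep, URL-decode and ASCII-decode steps described above, automated as an added example (not the author's tooling and not part of the original walkthrough). The log lines are constructed in Apache combined format with a fragmentary query string; the addresses, paths, user-agent strings and the CHAR(...) wrapping are assumptions, and only the number sequence 67,84,70,95,67,48,67,48,57 comes from the page.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines (Apache combined format); not taken from the challenge log.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Oct/2011:10:12:01 +0530] "GET /news.php?id=1%20AND%20'
    'table_schema%3DCHAR%2867%2C84%2C70%2C95%2C67%2C48%2C67%2C48%2C57%29 HTTP/1.1" '
    '200 512 "-" "sqlmap/0.9 (http://sqlmap.sourceforge.net)"',
    '203.0.113.7 - - [16/Oct/2011:10:12:02 +0530] "GET /news.php?id=1 HTTP/1.1" '
    '200 2048 "-" "sqlmap/0.9 (http://sqlmap.sourceforge.net)"',
    '198.51.100.9 - - [16/Oct/2011:10:12:03 +0530] "GET /images/logo.png HTTP/1.1" '
    '200 4096 "-" "Mozilla/5.0"',
]

LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Three or more comma-separated 2-3 digit numbers, e.g. the inside of CHAR(...).
CODE_RUN = re.compile(r"(?<!\d)\d{2,3}(?:\s*,\s*\d{2,3}){2,}(?!\d)")


def decode_char_runs(text):
    """Turn runs of decimal character codes into strings; skip non-printable runs."""
    decoded = []
    for run in CODE_RUN.findall(text):
        codes = [int(n) for n in run.split(",")]
        if all(32 <= c <= 126 for c in codes):
            decoded.append("".join(chr(c) for c in codes))
    return decoded


def sqlmap_requests(lines):
    """Yield (source, URL-decoded request path) for requests with a sqlmap user agent."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m and "sqlmap" in m.group("agent").lower():
            yield m.group("src"), unquote_plus(m.group("path"))


def triage(lines):
    """Return (source, decoded strings) for every sqlmap request that carries code runs."""
    results = []
    for src, path in sqlmap_requests(lines):
        strings = decode_char_runs(path)
        if strings:
            results.append((src, strings))
    return results


if __name__ == "__main__":
    for src, strings in triage(SAMPLE_LOG):
        print(src, strings)
```

A client can set any user agent, so filtering on "sqlmap" only finds tools left at their defaults; running `decode_char_runs` over every URL-decoded request path catches the encoded names regardless.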
Log Analysis Level 3
URL: http://nullcon.net/challenge/c0c0n/llevel-3.php
Difficulty: Easy
Solution: This was an interesting level mostly because I work a lot with Process Monitor. I finished this
level in less than 5 minutes, making it the fastest level that I had played in the entire CTF. And
coincidentally, I had analyzed the same malware a few weeks ago hence I knew the answers as soon as I
found a single reference to it in the PML file.
The infectedlog.zip contained a .pml file which is basically a Process Monitor saved session. To find
unwanted process activity in Process Monitor, you can eliminate known Windows processes till you hit
an unwanted/unknown application, as I did till I stopped at mluchaby.exe.
The process image had all the properties that most common Windows malware possess; located in the
Windows folder, description that made it sound important, no company description etc.
The Chinese characters in the description of the process translate to Foundation Classes Application
which meant that it was a Windows MFC application. A quick Google search for mluchaby.exe shows
that it is part of the Rustock Botnet malware family. Finding the parent process was trivial since we
could obtain the Parent Process ID using the properties page of the mluchaby.exe process which was
1956. Removing all applied filters and quickly applying an Include Process PID = 1956 filter gave
Explorer.exe as the result.
There was however some confusion with the malware family name since Rustock is also known by
several other names. However, the answer to the malware family was TDSS/TDL/Alureon family and not
Rustock, which I still believe to be an error on the part of the level developers. However, considering
how this is such a rare oversight and in the spirit of the CTF, it's alright. The final answers are as
follows:
Malware family: TDL/TDSS/Alureon
Service: mluchaby
Parent Executable: Explorer.exe
Last words
It was a brilliant CTF (mostly because I won), considering the variation in all the levels and the
number of people who worked on this, I must commend them on the awesome stuff. Greetz to corrupt,
Anant, Pushkar and all the others who worked on this!
- Riyaz Walikar a.k.a karniv0re
- http://www.riyazwalikar.com