KOrUPt

Okay so ADC was nice to enough to do a write up for the Potent Pwnable’s 200 challenge…

During the qualification round I took a brief look over this challenge and was able to locate the upload scripts and made a note of the SQL commands contained within the files you could download(once they were unpacked)… However I got sidetracked with Binary Analysis so I left this challenge to my team, unfortunately we didn’t solve it… Which makes this write up all the more interesting .

As usual you can find it over at Pastie:

http://pastie.org/505249.txt

I’ll have it mirrored locally in a few days.

Nice work Adc! I’m about to read over it now .

KOrUPt.

Okay well as you can see, quite a few things have changed today…

I’ve added some custom themes and a theme selection tool so you can revert back to the old one should you not like the current one, however I don’t recommend it.

I’ve also added quite a few more widgets and plugins, you can now receive email updates simply by subscribing(see the Notifications form to the right)…

For those interested I’ve integrated my Twitter account with this theme, so you can see what I’m up to on a daily basis.

Furthermore I’ve surveyed and updated the security settings and enhanced the search feature…

I took the time to remove some of the clutter from the sidebar too .

Hope you like the new look, I’m open to suggestions.

Just a quick update.

KOrUPt.

Seems someone took the time to do a write up for this years Defcon Trivial Pursuits 400 challenge .

Let me start by saying me nor my team take any credit for this write up, it’s unclear as to who the author is but my guess is ADC of Loller Skaters produced it? Please correct me if I’m wrong in this assumption.

The write up can be found over at Pastie:

http://pastie.org/510841

I’ve also mirrored it locally just incase, it can be found here:

http://korupt.co.uk/defcon/T400Writeup.txt

I strongly recommend you view the above write up within a web browser(preferably Firefox).

To the author of the above guide, very nice work . My team and I didn’t manage to solve the T400 challenge during the qualification round. If you’d like me to update the above links please leave a comment and I’ll do so at the earliest opertunity.

KOrUPt ~ Sapheads.

Just thought I’d bring this to your attention …

For those interested in solving the Crypto Badness 400 challenge of the Defcon quals…
Hahah did a very good write up, which can be found at:

http://beist.org/defcon2009/defcon2009_crypto400_solution.txt

Good work Hahah, looking forward to any others you may do .

Thanks to T1g3r for bringing the article to my attention :p.

Enjoy!

KOrUPt.

Edit: Author updated.

Okay so recently I said I’d post my views regarding my experience at this years Defcon CTF qualifications…

This year we put forward a new and considerably stronger team than last year and we decided to go by the name of “Sapheads”, for those wondering, the definition of a “saphead” is an “idiot”, this name was chosen out of comedic value with [I assume] the intention of having a touch of irony to it… Similar to Lastplace, who tend to end up in first place (props @tlas and co ).

In fact, our team this year is the combined force of three of last years teams…

We finished 11th,  after 48 hours of what seemed to be near non-stop analysis, I got a passive 4 hours sleep during that period.

Our final result I think goes to show just how important it is to be well prepared, organized and to communicate correctly. Our team members excelled themselves and without the collaboration between us I doubt we’d of done as well as we did…

Binary Leetness 400 is a prime example of this, I served as my teams binary analyst. 85MB’s of JPEG’s… To a binary analyst, that doesn’t mean much… Though I was able to put together some of the puzzle. After handing the file down to our teams forensics expert, he eventually came back to us with an executable which I was able to provide an analysis of… That said, without his efforts, we wouldn’t have solved the challenge.

During the qualification rounds, good resource utilization is also helpful… Thinking about it, I did initially intend to stock 20 or so energy drinks, don’t know what happened to that plan though.

I think most of our team this year were a bit apprehensive once they’d learned that Kenshoto had stepped down and Ddtek opted to fill their shoes(props to you guys!)… I know I was! None of us were sure what to expect this year.

My initial impression wasn’t a very good one, the scoreboard was very slow to begin with and some of the services were periodically updated which threw a few of us off during mid-analysis. However, I have to admit the Ddtek crew did a very very good job to resolve the issues at hand, after a while things where once again bearable and all went well. I think I speak for everyone when I say we all had a great time!

Our team did solve all of the Binary Leetness challenges, which is something I’m proud of. We’ll be doing write up’s soon, as it stands I’ve already done a write up for the Binary Leetness 300 challenge, which can be found via a quick search.

Currently we intend to solve some of the challenges we weren’t able to solve during the qualification rounds and hopefully do write up’s of their solutions.

That said, I’m just one side of this team, you can find the rest of us over at http://www.sapheads.org, I’ll be mirroring most of the content here over there, with the intention of having a more centralized source of information for you all . I hope you all drop by sometime .

I’d like to conclude this post by extending a very big thank you to the ddtek team, and of course Kenshoto, who also put on a very good game over the years.

To my team, very good job, we will only continue to get stronger .

DDTek, best of luck handling the CTF at Defcon, I’m sure you’ll do well… P.S Mars, let me know how it goes if possible .

That just about wraps this article up for now I think… At this rate I’ll have to make a category specifically for Defcon related content .

References:

http://www.sapheads.org/ < our team.

http://ddtek.biz/ < this years ctf organizers.

http://shallweplayaga.me/ < VedaGodz.

http://brycekerley.net/blog/2009/06/trivia300.html < Bryce’s T300 solution.

Signing off.

~ KOrUPt.

Well, the Defcon CTF 2009 qualifications are over… I’ve decided to do a write up for the Binary Leetness 300 challenge .

Feedback appreciated!

Note: your anti-virus may detect the below archive as infected, it contains the b300 binary, which is packed. This is a false positive, I recommend you disable your AV.

http://korupt.co.uk/defcon/B300Writeup.rar

I’ll be posting a more in-depth overview of my experience at the quals shortly.

Enjoy!

KOrUPt ~ Sapheads.org.

Hi all.

First things first, I apoligise for the drought in new posts, I’m very busy at the moment dealing with real life problems and such…

Now on to what I actually wanted to write about.

Recently a friend of mine asked me if I’d like to write a few RE challenges and Wargame services for him… I thought this would be fun and I’ve had a few crafty idea’s . The intended platform is a currently undecided Linux distribution. This post documents some of my idea’s and thoughts on the matter :p.

I was thinking about creating some stripped bins and having some fun with RAW sockets, SSL certs, FLIRT signatures, kernel modules and a few other things, if all goes to plan this could be a fun adventure…

Drunken TCP servers and custom encryption schemes come to mind :p.

I was wondering if any of my readers have any idea’s for services I could implement and such?

I’d also like some opinions on how you’d go about throwing together some of the aforementioned things.

As I mentioned earlier, I’m very busy with real lifes issues at the moment so I don’t have much free time. So it could be a while before I actually implement these services.

I’m thinking of setting up an environment similar to the Defcon quals.

If anyone has any feedback or suggestions I’d love to hear them.

If you’d like to lend a hand in implementing a few services don’t hesitate to contact me. Support is something I need at the moment .

Hope to hear from you all. Spread the word where applicable.

KOrUPt.

This is just a quick post I thought I’d make to let you all know what I’m up to.

Currently I’m revising various portions of my old code, which I may upload and provide links to on a separate page of this Blog.

I’m also thinking about the implementation of various advanced PE protection tools, Code VM’s and the like.

…And of course I’m trying to think up new subjects I could write some article’s about. Whilst I have been up all night and some refer to me as a machine, I too am only human. Thus whilst I try my best to keep this Blog filled with new and interesting content, it can take me a few days at a time to do some writeups… As I’m sure you can all relate to.

On that note. Have a good new year .

I shall be posting some stuff up soon so stay tuned.

KOrUPt.

Firstly, I want to say I’m putting this post out sooner rather than later… I’d imagine that at some point I’m going to run out of idea’s for what my next article should be about.

That said, if you’ve a suggestion for an article you’d like me to write about, don’t hesitate to leave me a comment with your suggestion.

So far I’ve had people ask me if I’d be able to do an article about Heuristics Evasion and possible methods to avoid signature detection amongst other coding related things. I’m still considering these idea’s and I may decide to do a few write-ups on the subject.

On that note, please keep them coming and don’t hesitate to leave a comment! Try and keep the idea’s on topic if possible.

I look forward to reading about your idea’s and perhaps writing an article in response if possible.

That just about sums up this post for now… Check back regularly for updates.

KOrUPt.

Merry Christmas everybody… I hope you all have a good one.

Let me know if you’re getting anything special :p.

KOrUPt.