Calle SvenssonMarch 13-15, the 2020 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.
For more info and to participate: https://sakerhetssm.se/
I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.
Säkerhets-SM 2020 Challenge Solutions Part 1/3Calle Svensson2020-03-15 | March 13-15, the 2020 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.
For more info and to participate: https://sakerhetssm.se/
I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.
Table of Contents: 0:00:00 Intro 0:03:47 Solving 2:34:49 SolvedBlind solving the 2021 Gen Z Hack Challenge - Part 2Calle Svensson2022-05-25 | In this steam I will continue my attempts to solve some of the challenges of the 2021 edition of the "Gen Z Hack Challenge" (https://2021.challenge.fi). I will be joined by Aapo who will bounce tips and ideas with me.
Table of contents: 0:00:00 Intro 0:03:08 Hack weblogin part 1 0:18:17 Hack weblogin part 2 0:49:13 Catch the criminal part 1 1:13:07 Catch the criminal part 2 1:25:29 Aapoweb 1:39:56 OutroBlind solving the 2021 Gen Z Hack ChallengeCalle Svensson2022-04-11 | In this steam I will attempt to solve some of the challenges of the 2021 edition of the "Gen Z Hack Challenge" (https://2021.challenge.fi). I will be joined by Aapo who will bounce tips and ideas with me.
Table of contents: 0:00:00 Intro 0:06:14 Project Kyyber 1 0:16:39 Project Kyyber 2 & 3 1:24:29 Securelogin 3:01:08 Enter the world of binary 3:11:25 Deep inside ones and zeros 3:16:00 OutroSäkerhets-SM 2021 Challenge Solutions Part 2Calle Svensson2021-04-26 | March 26-28, the 2021 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.
For more info and to participate: https://sakerhetssm.se/
In this stream I go through the challenges from Säkerhets-SM 2021, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.
0:00:00 Intro 0:02:51 Web - Bästa Bloggen 0:16:24 Web - XSS with Animations 0:32:25 Web - myFirstPHPProject 1:01:11 Web - The Secret Club 1:04:21 Web - Undvik Handskakning 1:08:16 Misc - Affisch 1:42:19 OutroSäkerhets-SM 2021 Challenge Solutions Part 1Calle Svensson2021-04-02 | March 26-28, the 2021 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.
For more info and to participate: https://sakerhetssm.se/
I will host a stream where I will go through the challenges from Säkerhets-SM 2021, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.
0:00:00 Intro 0:15:48 Forensics 0:16:22 Forensics - Datorer AB 0:29:11 Forensics - PDF Padlock 0:37:39 Forensics - Herr Robot 0:50:09 Forensics - Skumt Ljud 1:31:18 Forensics - Anamorfos 1:45:25 Forensics - Mosad Bild 2:09:26 Pwn - Buffertspill 2:43:11 Pwn - Printf i en loop 3:17:36 Reversing - Durins Dörrar 3:20:47 Reversing - Isengård 4:11:22 Reversing - Barad-Dur 4:51:12 Reversing - Kodlås 5:03:23 Reversing - Skum Kod 5:30:30 Reversing - OutroBlind solving the Nixu challenge - Part 2Calle Svensson2021-01-20 | In this series of streams I will attempt to solve some of the challenges of the "The Nixu Challenge" (thenixuchallenge.com/). In this part we take a look at:
- Bad memories - part 1 - Bad memories - part 3Blind solving the Nixu challenge - Part 1Calle Svensson2021-01-13 | In this series of streams I will attempt to solve some of the challenges of the "The Nixu Challenge" (thenixuchallenge.com/). In this part we take a look at:
- Device Control Pwnel - Device Control Pwnel - part 2 - AIMLES - stagingBlind solving a crackme by s4tan - Part 3/3Calle Svensson2020-11-19 | In this video series I'm solving a so called "crackme" challenge posted by Antonio "s4tan" Parata (twitter.com/s4tan). I have not looked at the challenge before or between these streams. This is to show how I'm thinking when approaching a challenge like this and how I use the different tools involved. If you have any comments or questions about this or reverse engineering, please leave a comment and if you would like to see more streams like this, consider subscribing.
Part 1 - youtube.com/watch?v=NJamb40GSYY Part 2 - youtube.com/watch?v=6y4tfVWH-qM Part 3 - youtube.com/watch?v=kuhu9VEASQIBlind solving a crackme by s4tan - Part 2/3Calle Svensson2020-11-15 | In this video series I'm solving a so called "crackme" challenge posted by Antonio "s4tan" Parata (twitter.com/s4tan). I have not looked at the challenge before or between these streams. This is to show how I'm thinking when approaching a challenge like this and how I use the different tools involved. If you have any comments or questions about this or reverse engineering, please leave a comment and if you would like to see more streams like this, consider subscribing.
Part 1 - youtube.com/watch?v=NJamb40GSYY Part 2 - youtube.com/watch?v=6y4tfVWH-qM Part 3 - youtube.com/watch?v=kuhu9VEASQIBlind solving a crackme by s4tan - Part 1/3Calle Svensson2020-11-10 | In this video series I'm solving a so called "crackme" challenge posted by Antonio "s4tan" Parata (twitter.com/s4tan). I have not looked at the challenge before or between these streams. This is to show how I'm thinking when approaching a challenge like this and how I use the different tools involved. If you have any comments or questions about this or reverse engineering, please leave a comment and if you would like to see more streams like this, consider subscribing.
This video is part of the MegaFavNumbers project. Maths YouTubers have come together to make videos about their favourite numbers bigger than one million, which is called #MegaFavNumbers.
For more info and to participate: https://sakerhetssm.se/
I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.
Contents: 00:00 - Introduction
Forensics challenges: 02:15 - Korrumperad Katt 06:30 - Beautiful Birds 13:15 - Unzip me 20:05 - Ett äpple om dagen 01:20:25 - Torktumlad zip
Part 1: youtube.com/watch?v=CYBGQ9Zp6UQ Part 2: youtube.com/watch?v=mEeccIodvFQ Part 3: youtube.com/watch?v=Od8QJwQpbkkSäkerhets-SM 2020 Challenge Solutions Part 2/3Calle Svensson2020-03-18 | March 13-15, the 2020 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.
For more info and to participate: https://sakerhetssm.se/
I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.
Contents: 00:00 - Introduction
Pwn challenges 02:20 - Miniräknare 07:40 - Hello, World 40:10 - Echo service 01:05:40 - Notebook
Episode info and challenge download: https://pwny.racing/episodes/episode11/Pwny Racing - Episode 10Calle Svensson2019-11-30 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: Peace-Maker, NotDeGhost, night_f0x & spq Winner: night_f0x
Episode info and challenge download: https://pwny.racing/episodes/episode10/Pwny Racing - CSAW SpecialCalle Svensson2019-11-08 | Commentators: Jordan, Rusty and Josh
9:00 Game 1: PPP v GreyHatGT 57:10 Game 3: Sice Squad v Antisice Amigos 1:38:15 Game 4: Zero Cost Abstractions v RPISEC 2:58:34 Game 2: Sigpwny v Kernel Sanders 4:38:44 Game 5: Perfect Blue v PPP 5:44:11 Game 6: Kernel Sanders v dcua 6:34:04 Game 7: Sice Squad v Perfect Blue 7:20:43 Game 8: Kernel Sanders v Zero Cost Abstractions 8:46:14 Game 10: Kernel Sanders v Perfect Blue 10:05:58 Game 9: Zero Cost Abstractions v Sice SquadPwny Racing - Episode 9Calle Svensson2019-10-26 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: niklasb, jazzy, mightymo, zzz Winner: niklasb
Episode info and challenge download: https://pwny.racing/episodes/episode9/Pwny Racing - Episode 8Calle Svensson2019-09-28 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: XeR, nneonneo, honululu & nandayo Winner: nneonneo
Technical issues starts at 08:30 Technical issues resolved at 16:45
Episode info and challenge download: https://pwny.racing/episodes/episode8/Pwny Racing - Community Challenge 1Calle Svensson2019-08-31 | In this video we do a run through of the Pwny Racing Community Challenge #1. We explain the challenge, the bugs, how to exploit it and some general tips and tricks when it comes to reverse engineering and exploitation.
Hosts: ZetaTwo & b0bb Challenge author: b0bb
More information about the community challenge: https://pwny.racing/communitychallenge/Pwny Racing - Episode 7Calle Svensson2019-08-22 | Commentators: Zeta Two & Vito Challenge author: b0bb Participants: spq, zap, quend and aweinstock Winner: spq
Stream starts at 19:25
Episode info and challenge download: https://pwny.racing/episodes/episode7/Pwny Racing - Episode 6Calle Svensson2019-07-27 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: acez, blasty, likvidera Winner: acez
Stream starts at 08:52
Episode info and challenge download: https://pwny.racing/episodes/episode6/Pwny Racing - Episode 5Calle Svensson2019-06-29 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: nneonneo, KidOfArcania, ottizy & MurmusCTF Winner: nneonneo
Stream starts at 10:40
Episode info and challenge download: https://pwny.racing/episodes/episode5/Pwny Racing - Episode 4Calle Svensson2019-05-25 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: laxa, mrtumble, kileak & Lord_Idiot Winner: Lord_Idiot
Stream starts at 10:10
Episode info and challenge download: https://pwny.racing/episodes/episode4/Pwny Racing - Episode 3Calle Svensson2019-04-13 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: jinmo, mak and retr0id Winner: jinmo
Stream starts at 09:55
Episode info and challenge download: https://pwny.racing/episodes/episode3/
Welcome to the third episode of Pwny Racing in which the participants race to be the first to solve a pwnable challenge.Säkerhets-SM 2019 Challenge SolutionsCalle Svensson2019-03-19 | Säkerhets-SM (Swedish high-school championship in hacking), https://sakerhetssm.se/ just finished and I was part of the organizing group. In this live stream I will go through and solve the challenges from the competition and explain methodology, tools and how to approach different challenges.Pwny Racing - Episode 2Calle Svensson2019-03-09 | Commentators: Zeta Two & b0bb Crew: LarsH Challenge author: b0bb Participants: borysp, zap, vos and hpmv Winner: vos
Stream starts at 08:45 Episode info and challenge download: https://pwny.racing/episodes/episode2/
Welcome to the second episode of Pwny Racing in which the participants race to be the first to solve a pwnable challenge.
Our test run was a huge success and we will therefore continue the concept. We will be back in this second episode with new participants and a new challenge. Hopefully, we'll have some improvements to the setup in place as well.Pwny Racing - Episode 1Calle Svensson2019-02-09 | Commentators: Zeta Two & b0bb Challenge author: b0bb Participants: jay, endeavor and Murmus Winner: Murmus
Stream starts at 05:28
Episode info and challenge download: https://pwny.racing/episodes/episode1/
Welcome to the first episode of Pwny Racing in which the participants race to be the first to solve a pwnable challenge. This episode is something of a test run where we try out the concept and see that the technical side is working. The stream starts at 05:28 there is some doubled audio the first few minutes. Sorry for that.Hacking with Zeta Two - Guest lecture on Basics of Binary Exploitation at KTH 29/1 2019Calle Svensson2019-02-05 | On the 29th of January, I was invited as a guest lecturer as part of the Ethical Hacking course at the Royal Institute of Technology, KTH, here in Stockholm where I once studied, to talk about the basics of binary exploitation. The awesome AV crew at KTH recorded the talk and I'm publishing it here for everyone to enjoy. Slides are available on my website: zeta-two.com/education/2019/02/05/kth19-talk.htmlOverTheWire Advent Bonanza 2018 - Challenge 13, Honor The GodsCalle Svensson2018-12-17 | This video is how I "solved" challenge 13 of the OverTheWire Advent calendar CTF. The meatballs and pasta turned out fairly well actually. I'm proud.
OverTheWire Advent Bonanza 2018: advent2018.overthewire.orgSolving an old challenge by LarsHCalle Svensson2018-10-20 | Doing a blind solve of an old challenge by my teammate LarsHSolving the MurmusCTF community challengeCalle Svensson2018-09-25 | I will participate in the community challenge created by MurmusCTF (twitter.com/MurmusCTF) where multiple people stream/record solving the same challenge. I have not looked at the challenge nor the other streamers before attempting this.
Post stream comment: Unfortunately, I did solve the challenge but the stream still contain a lot of good parts I think. If you are watching this afterwards and are short on time I would primarily recommend the first 1.5 hours and then skip to around the 2:30 mark and watch an hour from there.
Rough timeline:
Part 1 - Arbitrary read/write 00:00:00 - Intro 00:03:30 - Initial reversing 00:08:45 - First run 00:12:00 - Setup dynamic testing environment 00:15:00 - Suspected relative read/write primitive 00:20:00 - Suspected arbitrary read/write primitive 00:23:00 - Script read/write primitive 00:33:00 - First debugging 00:36:00 - Arbitrary read confirmed 00:47:00 - Leak data 00:50:00 - rand() prediction possible 00:58:00 - read GOT 01:01:00 - try to overwrite GOT 01:12:00 - realize Full RELRO = GOT readonly 01:18:00 - start looking for other methods 01:26:00 - checkpoint summary 01:30:30 - find stack relative write 01:32:00 - struggle starts 02:07:00 - fail at googling (this is where everything went wrong)
Part 2 - Unintended solution 02:12:00 - increment ret ptr 02:33:00 - discussion about memory corruption 02:35:00 - struggle continues 02:53:00 - new exotic idea 03:05:00 - ret increments idea formalized 03:09:00 - relative jmp in libc 03:23:00 - relative jmp scripted and ready
Part 3 - Gadget hunting 03:42:00 - recap 04:33:00 - the 3 hour exploit 04:38:00 - gadget hunting continues 05:08:00 - surrenderSolving q3ks hardflag challenge pt.2Calle Svensson2018-07-30 | In the last stream, I made an attempt to solve of a CTF challenge called "hardflag" created by q3k for the WCTF 2018. I hadn't looked at the challenge beforehand and it proved very hard. After the stream, I spent more time during the week to try to solve it and finally managed to do so. In this stream I will go through what I did, how I did it, what I learned from the process and the mistakes I made. Hopefully, it will give some insight to how you can approach these kind of problems.Solving q3ks hardflag challengeCalle Svensson2018-07-21 | I will try to do a blind solve of a CTF challenge called "hardflag" created by q3k for the WCTF 2018. I haven't looked at the challenge beforehand but judging from the tweet it involves Verilog and RISC-V, two concepts I have not worked with so this is going to take a while. Enjoy the ride.Walkthrough of dJulkalendern 2017Calle Svensson2017-12-25 | Speed solving and doing a walkthrough of the dJulkalendern 2017 puzzle (https://djul.datasektionen.se)
Table of Contents: Start: 03:15 Day 00: 04:50 Day 01: 05:55 Day 04: 08:10 Day 05: 12:20 Day 06: 17:55 Day 07: 19:35 Day 08: 25:45 Day 11: 32:30 Day 12: 37:25 Day 13: 40:20 Day 14: 46:10 Day 15: 50:40 Day 18: 1:00:50 Day 19: 1:06:20 Day 20: 1:11:05 Day 21: 1:23:45 Day 22: 1:40:10 Day -1: 2:00:25Solving a CTF challenge by @nxsolleCalle Svensson2017-11-25 | Blind solve of a CTF challenge by @nxsolleSolving a crackme by XvpzCalle Svensson2017-11-18 | Blind solve of a crackme by Xvpz
Challenge download: https://crackmes.one/crackme/5ab77f5333c5d40ad448c0ddSMT in reverse engineering, for dummiesCalle Svensson2016-11-05 | This is a re-recording of my lightning talk "SMT in reverse engineering, for dummies" which I presented at SEC-T 0x09 (sec-t.org) this September.
The talk introduces how SMT can be used in reverse engineering with the help of tools such as Z3 (z3.codeplex.com) and angr (http://angr.io).