
CTF WMD: WAR OF THE WORLD in HITB2013 Kuala Lumpur

The HITB (Hack In The Box) SecConf2013 was held from 14-17 October 2013 in Kuala Lumpur, Malaysia. On 14-15, they provided us with hands-on technical training about exploits, web hacking, penetration testing and building secure web/mobile apps. On 16-17, there was a conference with three tracks: Commsec village, Hackweekday and Capture The Flag Weapons of Mass Destruction: War of the World (referred to as “CTF WMD:WotW”).

I would like to introduce “CTF WMD:WotW”. In this game, each team represented a country. Each team was provided with the same server running several daemons. One of them was a daemon that generated HP (the main score of this game) for the playing countries. The country with the highest HP would be the winner. Other daemons generated and added extra cash for the playing countries. The cash was used to purchase shields and to repair any damaged daemons. Teams were required to “attack” rival teams, as well as to protect their own daemons. A special (strong) weapon called “Nukes” was unlocked if they successfully solved bonus challenges.

To protect or attack daemons, teams first had to analyze them to identify a vulnerability. Let’s take a look at one daemon as an example. The daemon was designed to receive 1024 bytes at most, but it actually accepted 1040 bytes. So, the last 16 bytes could be used to overwrite memory:

Below is the test data (“A” (0x41) × 1040 bytes) sent to the daemon to check the vulnerability:

As seen in GDB, the data overwrites EBX, EBP, EDI and EIP with “\x41\x41\x41\x41”.

Creating a security patch for the daemon does not seem difficult. Writing an exploit for this vulnerability, on the other hand, looks much harder, since it would take more than simply overwriting those 16 bytes.
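To make the bug and its patch concrete, here is an added model of the daemon's receive path (example code written for this post, not the real HITB daemon). It assumes a 32-bit x86 frame: a 1024-byte buffer followed by the four 4-byte slots that the overflow clobbered (saved EBX, EBP, EDI and the return address), laid out as one flat array so every write stays inside defined memory.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical model of the daemon's stack frame (assumption, not the real code):
 * 1024-byte receive buffer, then four saved 4-byte slots on 32-bit x86
 * (saved EBX, EBP, EDI and the return address / EIP). */
#define BUF_SIZE      1024            /* what the protocol allows            */
#define RECV_MAX_BUG  1040            /* what the vulnerable daemon accepted */
#define SAVED_SLOTS   4
#define FRAME_SIZE    (BUF_SIZE + SAVED_SLOTS * 4)
#define SLOT_EIP      3               /* last slot: saved return address     */

typedef struct { unsigned char mem[FRAME_SIZE]; } sim_frame_t;

/* Constructed sentinels standing in for the real saved register values. */
static const uint32_t sentinel[SAVED_SLOTS] = {
    0xb0b0b0b0u, 0xbfff0000u, 0xd1d1d1d1u, 0x08048c00u
};

void init_frame(sim_frame_t *f) {
    memset(f->mem, 0, sizeof f->mem);
    for (int i = 0; i < SAVED_SLOTS; i++)
        memcpy(f->mem + BUF_SIZE + 4 * i, &sentinel[i], 4);
}

/* Read saved slot i back as a 32-bit value in host byte order. */
uint32_t saved_slot(const sim_frame_t *f, int i) {
    uint32_t v;
    memcpy(&v, f->mem + BUF_SIZE + 4 * i, 4);
    return v;
}

/* Vulnerable handler: the receive bound is 1040 while the buffer holds 1024,
 * so the last 16 bytes of a full-size message land on the saved slots. */
size_t vulnerable_recv(sim_frame_t *f, const unsigned char *data, size_t len) {
    size_t n = len < RECV_MAX_BUG ? len : RECV_MAX_BUG;
    memcpy(f->mem, data, n);
    return n;
}

/* Patched handler: the bound is tied to the buffer size, so bytes beyond
 * the first 1024 are never written (a real daemon would drain or close). */
size_t patched_recv(sim_frame_t *f, const unsigned char *data, size_t len) {
    size_t n = len < BUF_SIZE ? len : BUF_SIZE;
    memcpy(f->mem, data, n);
    return n;
}

/* Returns 1 if the return-address slot no longer holds its sentinel. */
int eip_clobbered(const sim_frame_t *f) {
    return saved_slot(f, SLOT_EIP) != sentinel[SLOT_EIP];
}
```

Feeding 1040 bytes of 0x41 through `vulnerable_recv` leaves every saved slot reading 0x41414141, matching the GDB view above, while `patched_recv` stops at 1024 and leaves the slots untouched.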

This game also had bonus challenges and a team could unlock Nukes by solving the challenges. Nukes were capable of completely destroying a rival team’s daemon.

In one of the bonus challenges, wave files were supplied. The above picture was derived from the analysis of a wave file. It looks like a part of QR code, doesn’t it?

The top teams successfully unlocked some Nukes from the bonus challenges and squared off against each other. In the final phase of the game, they started to use Nukes against their rivals, which significantly affected the final results.


Finally, the winner was “WTF” with a commanding 7480 HP, and 2nd was “dynobot” with 3210 HP.

If you think it is interesting, please join up for the next conference and play CTF!

