October 17, 2017 Flare-on 2017 #6: payload.dll The file is a DLL and should be started as such. The file contains a small hint on how it should be used in a string: ctf flareon4
October 17, 2017 Flare-on 2017 #5: Pewpew boat! Pewpewboat was one of the most fun challenges so far! The executable provided is a 64-bit Linux executable (the reason for 64-bit will be apparant later), which is the game Battleship. You enter coordinates in a prompt which consist of... ctf flareon4
October 17, 2017 Flare-on 2017 #4: notepad.exe Notepad, when you open it, is just that: Windows notepad. But quick examination shows that the entrypoint of this executable is moved to near the end of the file at 0x1013a00, which is suspicious. ctf flareon4
October 17, 2017 Flare-on 2017 #3: greektome.exe This challenge spawns a listening socket that takes 4 bytes. Then; it ANDs this with 0xFF (so effectively only uses one byte) and feeds it to a function that decodes a piece of code in the executable (hence the expression... ctf flareon4
August 29, 2017 Communicating within 0.0.0.0/8 Recently, someone came to me with the problem that some remote IOT-devices received a broken configuration where the first octet of their IP-address was changed to 0 (i.e. from 192.168.0.4 to 0.168.0.4). Because of the location of these devices it... networking