Another great trick is bit-flipping random chars in a Base64 key and then decoding it to ASCII values for obfuscation. Pretty hard to reverse engineer.
@lancemarchetti8673 · 1 month ago
cool
@soroushyaghoubi7709 · 1 month ago
Great video, thanks.
@waplet · 2 months ago
Wow, I like your approach of doing Ubuntu pwns on a Mac. Can you share the Dockerfile for "ubuntu-pwner", or is it something public? And maybe your Makefile?
@Vendetta736 · 3 months ago
Hey, I'm stuck on WEB Linguist: I get to the point where I run the payload with python3, and it shows the directory where flag.txt is supposed to be, but it only shows flag.txt instead of the given flag for the challenge.
@lepnoxicray7398 · 3 months ago
I was interested in Java binex challenges and found this instantly. I am finding you everywhere atp.
@ardhani1337 · 4 months ago
Hi, I am also a macOS user. How do you run the ELF binary to do the pwn challenge? I usually use VMware Fusion, and it is very heavy on resources. Any suggestions?
@ardhani1337 · 4 months ago
It looks like you are using Docker; can headless Linux execute an ELF file?
@SloppyJoePirates · 4 months ago
I use an Intel Mac, but I asked on Twitter what others do: x.com/c0nrad_jr/status/1831322396638564725
@benjaminatkin4745 · 4 months ago
window.location can be blocked inside an actually - with child-src disallowing navigation to any exfiltratable locations, and popups disabled
@SloppyJoePirates · 4 months ago
Ah right! And you can use the sandbox attribute on CSP. Hmm, maybe I'll need to revisit this. It still seems impossible IMO to block all exfil, but I'm excited to see what you make!
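The exchange above is about which XSS exfiltration channels a CSP can actually close (child-src, popups, the sandbox directive). As an added example, not code from the video or from either commenter, here is a small checker that parses a Content-Security-Policy header and lists the classic channels it leaves open. It models only the directives named in the code: fetch directives with their CSP3 fallback chains, form-action (which has no fallback to default-src), and the sandbox flags for popups and top-level navigation. Two simplifications are assumptions, not spec facts: `'self'` is treated as not attacker-reachable, and `window.location` navigation is judged purely from the presence of a sandbox directive without an `allow-top-navigation*` flag, which you should confirm in the target browser. The policy strings are constructed for illustration.

```javascript
// Added example, not code from the video or from the commenters: a checker that
// parses a Content-Security-Policy header and lists the classic XSS data-exfil
// channels the policy leaves open. The CSP strings at the bottom are constructed.

// Source expressions that never produce a request to an attacker-chosen host.
// Assumption: 'self' is counted as safe, i.e. the attacker does not control
// an endpoint on the page's own origin.
const LOCAL_TOKENS = new Set([
  "'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'", "'unsafe-hashes'",
  "'strict-dynamic'", "'report-sample'", "'wasm-unsafe-eval'",
  "data:", "blob:", "filesystem:", "mediastream:",
]);

// CSP Level 3 fallback chains for the directives this checker models.
// form-action deliberately has no fallback: when it is absent, forms may
// submit anywhere, regardless of default-src.
const FALLBACK = {
  "connect-src": ["connect-src", "default-src"],
  "img-src": ["img-src", "default-src"],
  "script-src": ["script-src", "default-src"],
  "frame-src": ["frame-src", "child-src", "default-src"],
  "form-action": ["form-action"],
};

// Parse "directive value value; directive value" into a Map. Per spec the
// first occurrence of a directive wins and later duplicates are ignored.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Walk the fallback chain; null means no directive governs this fetch at all.
function effectiveSources(policy, directive) {
  for (const name of FALLBACK[directive]) {
    if (policy.has(name)) return policy.get(name);
  }
  return null;
}

// Could a request governed by this source list reach an attacker host?
function allowsRemote(sources) {
  if (sources === null) return true;      // unrestricted
  if (sources.length === 0) return false; // an empty list behaves like 'none'
  return sources.some((s) => {
    const t = s.toLowerCase();
    if (LOCAL_TOKENS.has(t)) return false;
    if (t.startsWith("'nonce-") || t.startsWith("'sha")) return false;
    return true; // '*', a scheme such as https:, or a host expression
  });
}

// Return the list of open channels. Popups and navigation are judged only from
// the sandbox directive's flags (assumption: top-level page, not otherwise
// sandboxed); the by-user-activation variant is treated as open.
function openExfilChannels(header) {
  const policy = parseCsp(header);
  const open = [];
  const checks = [
    ["connect-src", "fetch/XHR/sendBeacon (connect-src)"],
    ["img-src", "image beacon (img-src)"],
    ["script-src", "remote script tag (script-src)"],
    ["frame-src", "iframe to attacker origin (frame-src/child-src)"],
    ["form-action", "form submission (form-action)"],
  ];
  for (const [directive, label] of checks) {
    if (allowsRemote(effectiveSources(policy, directive))) open.push(label);
  }
  const sandbox = policy.get("sandbox"); // undefined when the directive is absent
  if (!sandbox || sandbox.includes("allow-popups")) {
    open.push("window.open popup (sandbox without allow-popups)");
  }
  if (!sandbox || sandbox.some((f) => f.startsWith("allow-top-navigation"))) {
    open.push("top-level navigation via window.location (sandbox without allow-top-navigation)");
  }
  return open;
}

// Constructed policies: LOOSE is a typical "default-src 'self'" header,
// TIGHT is the shape the thread above is reaching for.
const LOOSE = "default-src 'self'; script-src 'self' https://cdn.example";
const TIGHT = "default-src 'none'; script-src 'nonce-r4nd0m'; form-action 'none'; sandbox allow-scripts";

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, csp] of [["loose", LOOSE], ["tight", TIGHT]]) {
    console.log(name, "->", openExfilChannels(csp));
  }
}
```

Running it on LOOSE shows why `default-src 'self'` is not enough: the remote CDN in script-src, the missing form-action, and the absence of a sandbox directive each leave a channel open. TIGHT closes every channel the checker models, which is exactly the point at which the thread's caveat applies: CSP only governs the requests it names, so anything outside those directives (timing and other side channels, for instance) is out of scope for this check.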
@git-tauseef · 4 months ago
That's amazing. Subscribed!!!
@FakeEmail-v3q · 4 months ago
Do you have a video going more in depth on format string vulnerabilities? Getting the libc addresses and creating the payload confuse me.
@iTZ_RedEye · 5 months ago
They're asking for a password to unzip the file; what do I do? And which method did you use to solve this? Please reply.
@SloppyJoePirates · 4 months ago
Hey @iTZ_RedEye, sorry for the delay. HTB will sometimes use 'hackthebox' as the password for their zip files
@pwoofy · 5 months ago
Hi! I was wondering how you managed to get the Docker thing running, because when I tried to use the one listed in your description, it just shows: "rosetta error: failed to open elf at /lib64/ld-linux-x86-64.so.2 Trace/breakpoint trap". It would be appreciated if you could help, thanks!
@SloppyJoePirates · 4 months ago
Hmm, are you on an M1 Mac? You may have to use one of the solutions outlined here: x.com/c0nrad_jr/status/1831322396638564725
@MahmudulHasan-tg1x · 6 months ago
In the forensics problem named "an-unusual-sighting", how did you extract this? It requires a password!!
@ABDULKARIMHOMAIDI · 6 months ago
Please, do you have any reference that may help me add pwndbg to my gdb?
@SloppyJoePirates · 4 months ago
I'd check out github.com/pwndbg/pwndbg. There are install instructions depending on your system.
@wutangdaug · 6 months ago
Jesus F Christ, soloed the whole damn CTF. It's like beating an insane difficulty level of a game that requires 5-person teamwork. Damn, this is hot.
@RewodTechnologies · 6 months ago
I get "unknown _idcodecodeName InvalidBSON%" when using telnet in curl like this: curl "telnet://mongodb:27017" -T payload.raw --max-time 1 -o output.txt. netcat works like this: cat payload.raw | nc localhost 27017, but I really need to use curl and telnet. Any solution?
@dplastico · 6 months ago
Love your videos <3 Do you pwn on an M1? I'm curious about the Docker configuration you use (or how you debug with gdb). Cheers and keep the videos going!
@dafaaqilla5185 · 6 months ago
Same here, did you find it?
@SloppyJoePirates · 4 months ago
Hey dplastico and dafaaqilla5185, sorry for the delay. I don't use an M1 Mac, but I asked on Twitter: x.com/c0nrad_jr/status/1831322396638564725
@HackWizFlEx · 7 months ago
Thanks for your videos, and we hope you can share a link for these challs (if available).
@BinAdnan23 · 7 months ago
In the forensic challenge "unusual sighting", how do I unzip the file and open the logs and SSH files?
@BinAdnan23 · 7 months ago
Because there is a password.
@NoobPwn-hr4os · 7 months ago
How did you find the counter address in pwn/master-formatter-v2 ("counter_address=stack__leak-292")?
@marcush8698 · 7 months ago
Completely new to BSides; is the CTF event still ongoing?
@SloppyJoePirates · 7 months ago
Hey @marcush9698! Sadly not, but there's usually a CTF every weekend; there's a list here: ctftime.org/
@markuche1337 · 7 months ago
Awesome 😁
@r3plican · 7 months ago
When will you continue the series about pwn?
@SloppyJoePirates · 7 months ago
Hey @r3plican, I won't be continuing CTF Cookbook. But the next Security Topics video series will contain some pwn videos!
@daniel01045 · 7 months ago
For enough-with-the-averages I tried solving it by passing 'a' as the invalid input, but thought it was impossible to calculate this way; but then my friend solved it with 'a', so... Very cool to learn that a plus sign counts as invalid input but also flushes the buffer :)
@Xeno881 · 7 months ago
Format string vulnerabilities in pwn, can you teach them?
@SloppyJoePirates · 7 months ago
I'd recommend checking out pwn.college, they have some videos and a set of challenges to practice with!
@shunt7819 · 7 months ago
Nice writeup!! I had tcache poisoning in mind, but at 23:38 I solved it by overwriting a vtable ptr in bss. Got arb read by overwriting the ptr at 0xf0 after the string, but arb write was limited to bss and heap in my case. Didn't want to do it the heap way because I didn't have a proper pwndbg setup lol.
@danielfoudeh5915 · 7 months ago
Quality stuff, keep it up!
@_2xfree · 7 months ago
Wow, you are fast. The heap peek and poke was completely killing me the entire CTF; kinda hurts to see how close I was to solving it. Definitely writing down the pwninit and patchelf trick. gg

Also a small trick for the averages: since you are sending each input separately it's quite slow. You can send it all at once and it's much faster, as stdin gets buffered:

```python
# all 20 inputs on one line: the invalid token '-' at position i, zeros elsewhere
p.sendline(b'0 ' * i + b'- ' + b'0 ' * (19 - i))
```