NULLCON CTF Vuln3 - Heap Buffer Overflow

Brooklynt Overflow recently competed in HackIM CTF. This is a writeup of the vuln3 service. Vuln3 is a service exposed to the Internet via xinetd or something similar. It accepts input from you, writes it to the stack, parses it, and performs actions based on it. It does this until you disconnect. The important parts of user input are the dwords at offsets 0x28 and 0x50. The dword at offset 0x28 tells the service what operation to perform. The dword at offset 0x50 is used only when you ask the service to allocate some memory for you; it is then used as the argument to malloc.

NullCon Vuln 2 Stack Based Buffer Overflow

Exploitation 200 HackIM


This challenge was relatively straightforward, especially given the fact that we have access to the source.

CSAW CTF Finals 2013 VMs

A few weeks ago the CSAW CTF Finals were held at NYU-Poly with 15 finalist teams competing.

APT1 Afterthoughts

After reading through the Mandiant APT1 report detailing the presence of the Advanced Persistent Threat group 1 (APT1), which has been attacking a devastating number of companies and governments around the world, a variety of questions come to mind. Considering the amount of time that has passed since Mandiant published the APT1 report in February, one cannot help but wonder what the current status of APT1 is. As a quick overview for those who didn’t finish the report, Mandiant leaves us with two very profound statements regarding the composition of the APT1 group.


July 5-7 Brooklynt Overflow participated in SIGINT CTF, hosted by the good folks over at CCCAC in Germany. Despite the fact that Brooklynt Overflow is not always the most effective team during the summer, owing to an inability to gather in the same place, and the fact that this competition was over a holiday weekend (Go team USA!), we didn’t fare terribly, finishing #21 on the scoreboard. This is a write-up of one of the pwning challenges, crash.

PHP strip_tags not a complete protection against XSS (Repost From Archive)

“PHP strip_tags not a complete protection against XSS” was originally written by Dan Guido when he was a student in the ISIS Lab.

Writing an XSS Worm

This was done while interning at Gotham Digital Science and the original blog post can be found here: