Nick's Blog

Nick's Blog

Sign in Subscribe

Demystifying Epic Games Store Spyware

Demystifying Epic Games Store Spyware

Over the past few weeks, I've seen a lot of discussion [https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_game_store_spyware_tracking_and_you/] about whether or not the Epic Games' store is spyware. Unfortunately, the "proof" and "research" that has been shared is far from either of

CSAW Write-Up: shell->code

CSAW Write-Up: shell->code

It's been a few weeks since me and the Mechasheep played CSAW, but that doesn't mean there's nothing left to write about. The first and easiest pwn challenge I encountered during the competition was called shell->code, a baby-class challenge. The simplicity of this challenge means I can actually focus

CSAW Write-up: Turtles

CSAW Write-up: Turtles

This past weekend, me and my team played CSAW CTF after taking quite a long break. We managed to hold top-20 for a good portion of the competition, even going as high as 12th place. Even though we lost our breath by the final day and finished in 40th, I

PlaidCTF Write-up: Shop

PlaidCTF Write-up: Shop

To warm up for DEFCON quals, my team and I decided to give PlaidCTF a shot. We knew it was going to bring some hard, fun challenges, and it did not disappoint. I immediately jumped into my comfort zone by tackling a pwn challenge, and got my first flag of

Hardware Hacking: Automating a USB3 Switch

electrical engineering

Hardware Hacking: Automating a USB3 Switch

When I'm working from home, I like to feel comfortable on my regular battlestation. My work has to be done on a company machine, however. To keep the familiarity of my setup while on my work laptop, I decided to use a KVM Switch. The KVM Switch has inputs for

How To Hack - Episode 2: Use-After-Free Triple Bounce

capture the flag

How To Hack - Episode 2: Use-After-Free Triple Bounce

Time for episode two of How to Hack! The challenge in this episode is a harder version of the one from episode one, so make sure to check it out first. If you missed it, you can find it here [https://nickcano.com/how-to-hack-ep-1/]. Link here [https://www.youtube.com/

How To Hack - Episode 1: Trampoline Stack Smash

capture the flag

How To Hack - Episode 1: Trampoline Stack Smash

So I've recently started streaming again, and pwnables are of my favorite things to stream. Twitch nukes my recordings after only two weeks, but they contain really good, detailed breakdowns of the attacks I use. They're like my write-ups, but in a different medium. I just put together the first

Throwbacks Part 1: The Effects of Bots on Online Games

Throwbacks Part 1: The Effects of Bots on Online Games

> This is the introduction to a multi-part series where I will be refreshing and reposting content which I've written before the days of this blog. An introduction to the series and topic is here [https://nickcano.com/throwbacks-0]. Back when I was writing my book, I intended to include a

Throwbacks Part 0: Introduction

> This is the introduction to a multi-part series where I will be refreshing and reposting content which I've written before the days of this blog. You can check out the first installment here [https://nickcano.com/throwbacks-1-bots-tibia]. Over the years, I've written heaps of content about everything from bot development,

New Dual Loop Build

New Dual Loop Build

Over the holiday break, I took a night to rebuild my computer. My previous build was actually pretty fresh, with a Ryzen 7 1800x and 32GB of ram, but the older R9 290 cards weren't pulling their weight in a gaming build pushing two 4k screens. I decided to upgrade

TUCTF Write-up: Temple of Malloc

TUCTF Write-up: Temple of Malloc

It's been a few months since me and my team started practicing CTF again, and we finally played in a live CTF over the weekend. It was a a fun CTF, and we actually managed to place above PPP with a team of only three people. I mean, it's clear

Pwnables Write-up: FSB

Pwnables Write-up: FSB

I'm on vacation in Mexico this week, which essentially means blow off pool time and hack stuff. I decided a relatively simple challenge would be a good starting point for the week, since I've never CTFed on this laptop and I was expecting to be constantly interrupted by vacation conversation

Pwnables Write-up: Note

Pwnables Write-up: Note

And there goes another night spent honing my CTF skills. This time, I decided to tackle pwnables [http://pwnable.kr] Note challenge for 200 points. > Check out my SECURITY PATCH for mmap(). despite no-ASLR setting, it will randomize memory layout. so it will contribute for exploit mitigation. wanna try sample

Pwnables Write-up: Malware

Pwnables Write-up: Malware

Recently, me and Vadim [https://twitter.com/vadimkotov] decided to tag-team a 500 point challenge on pwnable [http://pwnable.kr] called malware: I have no respect for writing malware but I do have respect for writing cool malware lets find a way to beat ANUBIS (https://anubis.iseclab.org) download

Pwnables Write-ups (October 2017)

Pwnables Write-ups (October 2017)

It's been nearly a year since I played my last competitive Capture The Flag (CTF); life has kept me busy and I haven't had time to practice much. Recently, me and a buddy decided to start practicing again so that we could get back to competing in the near future.

Hooking LuaJIT

If you've been around the gaming industry even a little, you've almost definitely heard of Lua [https://www.lua.org/]. This potent scripting language has found itself embedded in thousands of video games, acting as an API for engineers to easily add functionality to game clients and servers alike. > Sidebar:

Reversing the League of Legends Client

Reversing the League of Legends Client

> DISCLAIMER: This is for information and learning purposes only, I do not endorse or recommend using this information to make any unofficial tools which can result in bans (or worse). Back when League of Legends' client was still written in Adobe AIR, I reverse engineered it, located the functions responsible

Bot Architecture Part 2: Versions & Updates

Bot Architecture Part 2: Versions & Updates

> This is the second installment in a multi-part series about the architecture and design of XenoBot. An introduction to the series and topic is here [https://nickcano.com/bot-architecture-0/] and the first post is here [https://nickcano.com/bot-architecture-1/]. One peculiar aspect of bot development is the frequent out-of-cycle updates

Quitting Windows 7 Necromancy

Quitting Windows 7 Necromancy

My OS install for my main Desktop is going on 6 years now. Since it's advent, it has undergone a slew of changes. Off the top of my head, I know it started on an HDD, moved to an SSD with the system reserved partition on an HDD beside it,

Bot Architecture Part 1: Threading

Bot Architecture Part 1: Threading

> This is the first installment in a multi-part series about the architecture and design of XenoBot. An introduction to the series and topic is here [https://nickcano.com/bot-architecture-0/] and the next post is here [https://nickcano.com/bot-architecture-2/]. The core code of XenoBot exists withing the memory space of

Bot Architecture Part 0: Introduction

> This is the introduction to a multi-part series about the architecture and design of XenoBot. You can check out the first installment here [https://nickcano.com/bot-architecture-1/]. Before I dive into the nitty-gritty of XenoBot's architecture, I think it's appropriate to introduce XenoBot at a high-level. XenoBot is a client