hacking - Nick's Blog

Nick's Blog

Sign in Subscribe

hacking

A collection of 11 posts

Demystifying Epic Games Store Spyware

Demystifying Epic Games Store Spyware

Over the past few weeks, I've seen a lot of discussion [https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_game_store_spyware_tracking_and_you/] about whether or not the Epic Games' store is spyware. Unfortunately, the "proof" and "research" that has been shared is far from either of

CSAW Write-Up: shell->code

CSAW Write-Up: shell->code

It's been a few weeks since me and the Mechasheep played CSAW, but that doesn't mean there's nothing left to write about. The first and easiest pwn challenge I encountered during the competition was called shell->code, a baby-class challenge. The simplicity of this challenge means I can actually focus

CSAW Write-up: Turtles

CSAW Write-up: Turtles

This past weekend, me and my team played CSAW CTF after taking quite a long break. We managed to hold top-20 for a good portion of the competition, even going as high as 12th place. Even though we lost our breath by the final day and finished in 40th, I

PlaidCTF Write-up: Shop

PlaidCTF Write-up: Shop

To warm up for DEFCON quals, my team and I decided to give PlaidCTF a shot. We knew it was going to bring some hard, fun challenges, and it did not disappoint. I immediately jumped into my comfort zone by tackling a pwn challenge, and got my first flag of

How To Hack - Episode 2: Use-After-Free Triple Bounce

capture the flag

How To Hack - Episode 2: Use-After-Free Triple Bounce

Time for episode two of How to Hack! The challenge in this episode is a harder version of the one from episode one, so make sure to check it out first. If you missed it, you can find it here [https://nickcano.com/how-to-hack-ep-1/]. Link here [https://www.youtube.com/

How To Hack - Episode 1: Trampoline Stack Smash

capture the flag

How To Hack - Episode 1: Trampoline Stack Smash

So I've recently started streaming again, and pwnables are of my favorite things to stream. Twitch nukes my recordings after only two weeks, but they contain really good, detailed breakdowns of the attacks I use. They're like my write-ups, but in a different medium. I just put together the first

TUCTF Write-up: Temple of Malloc

TUCTF Write-up: Temple of Malloc

It's been a few months since me and my team started practicing CTF again, and we finally played in a live CTF over the weekend. It was a a fun CTF, and we actually managed to place above PPP with a team of only three people. I mean, it's clear

Pwnables Write-up: FSB

Pwnables Write-up: FSB

I'm on vacation in Mexico this week, which essentially means blow off pool time and hack stuff. I decided a relatively simple challenge would be a good starting point for the week, since I've never CTFed on this laptop and I was expecting to be constantly interrupted by vacation conversation

Pwnables Write-up: Note

Pwnables Write-up: Note

And there goes another night spent honing my CTF skills. This time, I decided to tackle pwnables [http://pwnable.kr] Note challenge for 200 points. > Check out my SECURITY PATCH for mmap(). despite no-ASLR setting, it will randomize memory layout. so it will contribute for exploit mitigation. wanna try sample

Pwnables Write-up: Malware

Pwnables Write-up: Malware

Recently, me and Vadim [https://twitter.com/vadimkotov] decided to tag-team a 500 point challenge on pwnable [http://pwnable.kr] called malware: I have no respect for writing malware but I do have respect for writing cool malware lets find a way to beat ANUBIS (https://anubis.iseclab.org) download

Pwnables Write-ups (October 2017)

Pwnables Write-ups (October 2017)

It's been nearly a year since I played my last competitive Capture The Flag (CTF); life has kept me busy and I haven't had time to practice much. Recently, me and a buddy decided to start practicing again so that we could get back to competing in the near future.