-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.xml
162 lines (132 loc) · 12.2 KB
/
index.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Redouane's Blog on Redouane</title>
<link>https://red0xff.github.io/</link>
<description>Recent content in Redouane's Blog on Redouane</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-us</language>
<lastBuildDate>Wed, 24 Apr 2019 09:27:58 +0200</lastBuildDate><atom:link href="https://red0xff.github.io/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Cracking the Coding Interview (literally)</title>
<link>https://red0xff.github.io/posts/cracking_the_coding_interview_literally/</link>
<pubDate>Fri, 29 Jul 2022 18:32:00 +0200</pubDate>
<guid>https://red0xff.github.io/posts/cracking_the_coding_interview_literally/</guid>
<description>Table of Contents Introduction About competitive programming Why is it important? Types of failed submissions Let&rsquo;s focus on time limits, what? Hackerrank CodinGame for Work Codechef My Idea Choice for the slower programming language (for the stub) Initial enumeration on the different platforms Hackerrank Codingame Codechef Writing the stub Implementing the stub Decompressing the native executable Getting pointers to memfd_create, write and fexecve Creating the anonymous file, and writing the binary to it Preparing a fake ARGV and ENVP for fexecve Calling the loaded executable Testing with a C program that prints &ldquo;hello world&rdquo; Hackerrank Codingame Codechef Impact, and possible mitigations Conclusion Introduction Competitive programming was my entry point into computer science.</description>
</item>
<item>
<title>Inverting Keccak-f if the sponge leaks</title>
<link>https://red0xff.github.io/posts/inverting_keccak_f/</link>
<pubDate>Sat, 05 Feb 2022 11:15:58 +0200</pubDate>
<guid>https://red0xff.github.io/posts/inverting_keccak_f/</guid>
<description>Table of Contents What is SHA3 Why another hash function in the SHA family? Deeper view of SHA-3 The sponge construction The internal state The Permutation function at the core of Keccak: Keccak-p Theta: \(\theta\) Rho: \(\rho\) Pi: \(\pi\) Chi: \(\chi\) Iota: \(\iota\) Inverting Keccak-p \( \theta^{-1} \): Back to linear algebra \( \rho^{-1} \): Simplier than it looks \( \pi^{-1} \): Inverse transposition \( \chi^{-1} \): Non-linearity \( \iota^{-1} \): Xor again and it&rsquo;ll be done \(Keccak-p^{-1}\): Just perform the inverse operations in reverse order Example testing Implications What is SHA3 SHA3 is a family of standarised cryptographic hashing functions, it&rsquo;s the winner of the 2012 NIST hash function contest.</description>
</item>
<item>
<title>GSoC 2020 - Enhancing metasploit support for 'the Hack That Will Never Go Away'</title>
<link>https://red0xff.github.io/posts/google_summer_of_code_2020/</link>
<pubDate>Sat, 29 Aug 2020 16:45:58 +0200</pubDate>
<guid>https://red0xff.github.io/posts/google_summer_of_code_2020/</guid>
<description>Table of Contents Introduction My Proposal Community-Bonding period Results of my contribution My Google Summer of Code journey Initial work SQLite support and specs for the library Support for PostgreSQL, and other database-management systems Conclusion Introduction Being interested in computer security, and being an opensource lover, I wanted to participate in Google Summer of Code this year, after checking out the list of organizations, I applied for Metasploit, because Ruby is my main programming language, and because I was very interested in contributing to a framework of this popularity.</description>
</item>
<item>
<title>VolgaCTF 2020 Qualifier - F-Hash writeup</title>
<link>https://red0xff.github.io/writeups/volgactf_fhash/</link>
<pubDate>Sat, 28 Mar 2020 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/writeups/volgactf_fhash/</guid>
<description>Table of Contents The Challenge Initial recon Algorithm Optimization Dynamic programming (the Bottom-up approach) Memoization (Top-down approach) Solution Allocating memory for our memoization code, and for our results array How we will add code at the beginning and end of recursive_fun First shellcode: checking if the result is already computed at the beginning of the function Second shellcode: cache results at the end of the function How to assemble shellcodes Other things to keep in mind Final gdb script that automates solving it (using the peda patch command) The Challenge We are given a binary file, and a short challenge description, you can download the file here</description>
</item>
<item>
<title>CSAW'19 CTF Finals</title>
<link>https://red0xff.github.io/about/csaw19/</link>
<pubDate>Wed, 06 Nov 2019 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/about/csaw19/</guid>
<description>(I am the guy in the middle)
CSAW'19 CTF Finals The finals were held at NYUAD (New York University Abu Dhabi, UAE), from November 6th to November 9th 2019.
Top 10 undergraduate teams from the qualification CTF (which was held in September) were invited to the finals.
I played with Sudo_root, and we finished on the 2nd place.</description>
</item>
<item>
<title>HITB+ Cyberweek 2019</title>
<link>https://red0xff.github.io/about/hitb19/</link>
<pubDate>Mon, 14 Oct 2019 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/about/hitb19/</guid>
<description>The event was held from October 14th to October 18th, at the Emirates Palace at Abu Dhabi, UAE.
We were invited to participate in the Standoff, the contest was about doing penetration testing in a fictional industrial city, spanning about 17 square meters (183 square feet) and containing thousands of figurines. The mock city model allowed demonstrating consequences of real cyberattacks against critical infrastructure.</description>
</item>
<item>
<title>Arab CTF 2019</title>
<link>https://red0xff.github.io/about/arabctf19/</link>
<pubDate>Fri, 20 Sep 2019 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/about/arabctf19/</guid>
<description>The CTF was held at the Intercontinental City Stars Hotel, in Cairo, Egypt, on September 22nd.
Winners in the national CTF on each country were invited to the finals, I played with the Sudo_root team.
Really enjoyed my time at Cairo.</description>
</item>
<item>
<title>Search</title>
<link>https://red0xff.github.io/search/</link>
<pubDate>Tue, 20 Aug 2019 00:00:00 +0000</pubDate>
<guid>https://red0xff.github.io/search/</guid>
<description>Search the whole blog for keywords </description>
</item>
<item>
<title>Writeup of the Richelieu challenge</title>
<link>https://red0xff.github.io/writeups/richelieu_challenge_writeup/</link>
<pubDate>Fri, 14 Jun 2019 14:55:32 +0200</pubDate>
<guid>https://red0xff.github.io/writeups/richelieu_challenge_writeup/</guid>
<description>Table of Contents The Challenge The Solution Initial Recon a bit of History The First Portrait The Crypto part The Second portrait Reverse Engineering Relative paths : a bad idea? Buffer overflow like in 1999 The best things in life are free() Conclusion The Challenge The French external intelligence agency, known as the DGSE, published a cybersecurity challenge, the challenge remained open till June 14th 2019, in this writeup, I will try to explain every step of its solution.</description>
</item>
<item>
<title>Redouane's Blog</title>
<link>https://red0xff.github.io/achievements/</link>
<pubDate>Wed, 24 Apr 2019 09:27:58 +0200</pubDate>
<guid>https://red0xff.github.io/achievements/</guid>
<description>CSAW'19 CTF Finals The finals were held at NYUAD (New York University Abu Dhabi, UAE), from November 6th to November 9th 2019.
Top 10 undergraduate teams from the qualification CTF (which was held in September) were invited to the finals.
I played with Sudo_root, and we finished on the 2nd place.
(I am the guy in the middle)
HITB Cyberweek 2019 The event was held from October 14th to October 18th, at the Emirates Palace at Abu Dhabi.</description>
</item>
<item>
<title>When exploit mitigations are disabled on modern systems</title>
<link>https://red0xff.github.io/posts/when_exploit_mitigations_are_disabled_on_modern_systems/</link>
<pubDate>Wed, 24 Apr 2019 09:27:58 +0200</pubDate>
<guid>https://red0xff.github.io/posts/when_exploit_mitigations_are_disabled_on_modern_systems/</guid>
<description>Table of Contents Introduction Prerequisites: Vulnerable program: Vulnerability Analysis of the executable Exploitation Initial plan Searching for ROP gadgets in the application Implementing the exploit Part1 - Initial Buffer overflow, stack pivoting Part2 - VirtualProtect the main module to ERW, scanf on ERW memory, and jump to it: Part3 - Final shellcode Putting it all together Conclusion Introduction While experimenting with the Windows exploit mitigation policies, I noticed that MinGW-GCC does not enable most of the modern protections by default.</description>
</item>
<item>
<title>ALCPC 2018</title>
<link>https://red0xff.github.io/about/alcpc18/</link>
<pubDate>Mon, 01 Oct 2018 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/about/alcpc18/</guid>
<description>Algerian Collegiate Programming Contest 2018 The contest was held at University Mohamed Khider at Biskra, Algeria, from October 1st 2018 to October 3rd.
It was a programming contests, ACM ACPC qualifier. I played with the team NerDz, with students from my school, we finished on the second place, with an equal number of points as the first team (time penalty did the difference).</description>
</item>
<item>
<title>HackINI 2018 : Some Writeups</title>
<link>https://red0xff.github.io/writeups/hackini18/</link>
<pubDate>Mon, 12 Feb 2018 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/writeups/hackini18/</guid>
<description>The Event HackINI (stands for Hack Initiation) is an event that is held once a year at the higher national school of computer science at Algiers, in a whole day, a CTF competition and workshops on various information security subdomains are held in parallel, this year, it was held on February 10th.
The challenges of the CTF competition are mostly easy-medium, this post will contain some writeups on some of the tasks.</description>
</item>
<item>
<title>NFSMW2012 : making opponents fly</title>
<link>https://red0xff.github.io/posts/nfsmw2012_making_opponents_fly/</link>
<pubDate>Sat, 20 Jan 2018 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/posts/nfsmw2012_making_opponents_fly/</guid>
<description>This is a gamehacking tutorial targeting Need for Speed Most Wanted 2012.
In this tutorial, I will register a hotkey that when pressed, will raise all the opponents by 20m to the sky (and by opponents I mean both cops and race opponents), lets start :D
We&rsquo;ll start by searching for the z coordinate of our car (a value that indicates its height), we must keep in mind that the z axis might be inverted (ie.</description>
</item>
<item>
<title>Himayatic 2017 - Rev400 Writeup</title>
<link>https://red0xff.github.io/writeups/himayatic17_rev400/</link>
<pubDate>Sun, 05 Nov 2017 00:00:00 +0200</pubDate>
<guid>https://red0xff.github.io/writeups/himayatic17_rev400/</guid>
<description>Hello, today I&rsquo;ll crack a .NET crackme, it was featured on Himayatic CTF, November 2nd 2017. Download link : https://drive.google.com/open?id=0B7U3AsTA9UVfRHdTY2hfQzZrQm8
Let&rsquo;s start :) First, we notice that it&rsquo;s a .NET crackme, it asks for a serial, and displays &quot;Wrong Serial ... !!!&quot; when we enter a random one.
We open it in a .NET decompiler (I used dnSpy, which is a fork of ILSpy), and we immediately locate this function :</description>
</item>
</channel>
</rss>