The First Stripe CTF

Although I did not have the chance of playing in neither of the three Stripe CTFs, I was quite enthralled when I took a look at the problems. I decided to solve them anyway and I am writing this series of writeups.

This post is about the first Stripe CTF …

more ...

Smashing the Stack for Fun or WarGames - Narnia 0-4

One of my mentors, Joel Eriksson, suggested the quintessential WarGames, a collection of Security problems, divided into 14 interesting titles. I have been playing the games since last week and they are awesome! To play the WarGames you SSH to their servers with a login that indicates your current level …

more ...

Understanding the Shellshock Vulnerability

Almost a week ago, a new (old) type of OS command Injection was reported. The Shellshock vulnerability, also know as CVE-2014-6271, allows attackers to inject their own code into Bash using specially crafted environment variables, and it was disclosed with the following description:

    Bash supports exporting not just shell variables …
more ...