MetaCTF 2018 Write-ups

MetaCTF 2018 was held at the University of Virginia’s Darden School of Business this past weekend. Although a majority of the challenges were standard fare for CTFs, the competition also included a sizable portion of “physical” challenges like lock-picking, as well as legal and ethical case studies. With an emphasis on introducing and teaching cybersecurity, MetaCTF erred on the easier side, but the day’s schedule definitely put a crunch on finding all 48 of the competition’s flags.

Out of 56 teams, we placed 3rd with 11,258 points as team “Drink More Caffe”:

  • Lucas Mun, Virginia Tech
  • Christopher Truong, University of Virginia
  • Brandon Walker, Virginia Tech

Although we topped the technical challenges, the law questions also had a significant impact on the final standings.

This write-up will focus on the traditional CTF challenges and the flags I spent the most time with, including the crypto, exploitation, reversing, and forensics sections. Most of the challenges were solved with a couple of lines of Bash or Python, and the executable challenges with Binary Ninja. Although the binaries are all 64-bit ELFs, every challenge can be solved on a Windows box without any issues.

Customizing OneNote 16's Custom Pens

Microsoft’s OneNote is an incredibly useful tool for note organization and, with the advent of 2-in-1 devices, digital inking. I have personally been using the Android version with an active stylus and recently moved over to Windows, only to realize that the default pen colors and sizes are slightly different. For the sake of consistency between notes, I was interested in tweaking these settings to be reasonably similar across versions. Unfortunately, there did not appear to be any OneNote extensions or programs for accomplishing this easily.

This write-up describes the process of discovering where the values are persistently stored and how they can be conveniently modified.

XORing Strings in the Twenty-First Century

When attempting to remain out of sight from string-reliant detection systems, whether anti-cheat engines or just the novice reverse engineer, XORing is a commonly used technique. It is by no means new and truly only serves to defeat naïve static analysis: not only can the ciphertext be trivially decoded by hand, but the plaintext sits as clear as day in memory after first use. Rather, it is a way to escape signature scans of, e.g., .rodata.

Such techniques have been employed for quite a while, mainly in unsavory programs such as malware and game cheats. Traditionally, this involved a pseudo-preprocessor build step that would replace wrapped strings with encoded equivalents and include a runtime decoding function. With the advent of C++11 and modern template intricacies, however, it is now possible to carry out this encoding process at compile-time without any external tooling.

Strategies for CyberPatriot

CyberPatriot is a secondary school-level cybersecurity competition based around hardening instances of desktop and server machines. Sponsored by the Air Force Association and Northrop Grumman, the program is an initiative to inspire a new generation of engineers for a changing government landscape. It presents a unique experience, especially to those without any prior introduction to the subject matter.

Unfortunately, much of the competition is shrouded in an air of mystery; if not for the upperclassmen who first introduced me, I would have had no idea what CyberPatriot entailed before diving straight in on competition day. Even after two years, I realized I wasn’t much more aware of what was really going on beyond the Mario coin sound playing every time I got lucky with installing anti-virus software. This expository piece is my effort to fill this void in understanding, if only for myself and any other CyberPatriot competitor stuck in the same rut.

PACTF 2016 Write-ups

PACTF, hosted by Phillips Academy, was a three-round capture-the-flag that took place from April 10th to May 1st. This competition was unique in that each round featured a week-long competition window, allowing contestants to select their own forty-eight hour time frame. The rounds covered a variety of subject matters and offered challenges ranging from beginner to downright difficult.

We are the Forest Park Bruins, a team of five high school students and aspiring computer scientists from Woodbridge, Virginia:

  • Brandon Walker, yours truly
  • Hamza Mir
  • Mathew Cinnamon
  • Michelle Miller
  • Joseph Bokossa

These write-ups will attempt to provide context and strategies for the competition’s problem set. Due to the inopportune timing of the competition, however, not all solves are documented. For reference, code snippets beginning with $ were run in zsh on Ubuntu 14.04, while snippets beginning with >>> were run in Python 3.5.