08/02/2022The Synacktiv team participated in the Insomni'hack teaser 2022 last week-end and placed 9th out of 280 teams. The onetestament challenge was pretty interesting and taught me a few tricks so I have decided to write a detailed solution. In this writeup, I have tried to illustrate the thought process behind solving this challenge, rather than just the usual solve.py (which you can still find at the end of the article). Expect to see some (old) heap tricks and enjoy the read!
08/09/2021Usually we don't do blog posts about CTF challenges but we recently stumbled across a challenge that was a good opportunity to talk about several macOS/iOS internals, security mechanisms and exploit methods...
02/08/2021Synacktiv participated in the first edition of the HackTheBox Business CTF, which took place from the 23rd to the 25th of July. The event included multiple categories: pwn, crypto, reverse, forensic, cloud, web and fullpwn (standard HTB boxes). We managed to get 2nd place after a fierce competition. We had quite a lot of fun so we decided to publish write-ups of the most interesting challenges we solved.
27/05/2021There are some days where things do not go your way. And there are some other days where they go catastrophically wrong. Several months ago, I had the unfortunate experience of wiping 2 years of my work. This blogpost explains why this tragedy happened and what I did to recover some critical data from the ashes of my SSD.
28/07/2020ZDI announced last year a new entry in it's yearly contest "Pwn2Own". After the Vancouver edition focused on Desktop software and Tokyo specialized in smartphones, there is now a third location in Miami dedicated to industrial software also known as ICS or SCADA.
12/05/2020This weekend was held the Sharky CTF, organized by students of ENSIBS. A series of 7 forensic challenges concerning a same machine memory dump was proposed. They make a great introduction to memory forensic in Linux, from the creation of a specific Volatility profile, to the reverse engineering of a rootkit installed on the machine. Stay sit, here is the writeup!
05/01/2020The advent ctf organized by overthewire proposed various challenges that would unlock on a daily basis (like an advent calendar). I found day number 2 (made by hpmv) quite challenging and super fun to solve! It involved crypto, network and rev in a blackbox environment. The full source code used to solve this challenge is available here https://github.com/majin42/adventctf_otw_day2
19/12/2019We took part to FIC2020's prequals CTF, organized by the French team Hexpresso with a team made of @dzeta, @laxa, @swapgs and @us3r777. We managed to finish second, so here is our writeup!
17/09/2019On September 7th, 2019, BFS published an exploitation challenge on Windows 10 x64 to win an entry for the BFS-IOACTIVE party during the Ekoparty conference. This blogpost aims at describing a successful resolution of the challenge.
30/07/2019The 2019 summer challenge is now closed! This was a bit of a departure from the usual hardened binaries, as it showcased a programming model that is not a distant relative of the Turing machine. This article will give a high level overview of the challenge's solution, and some behind-the scenes comments.