Unblvr

@nickharbour @SuperFashi1 At this point I guess it's better to just release challenges 1-4 (or 5?) early, then start counting the time from the next challenge until a full clear. The cat is unfortunately out of the bag :/

@SuperFashi1 the ban-hammer is primed

Unfortunately, the #flareon12 unlocked early yesterday and some players got a head start. This will not effect the final standings as deltas will be applied to the player's final solve times (if they finish) to reflect the early access they received.

Bad auditors miss obvious bugs. We built an AI tool that finds them. Introducing V12: the only autonomous Solidity auditor that actually finds Highs and Criticals. We'll be releasing it for free. V12 finds Crits in Zellic audits, High/Mediums in Cantina, and a bug in Pendle.

BLS signatures are everywhere, from Ethereum’s consensus to EigenLayer. But it’s easy to use them wrong. What are BLS signatures? Let’s talk about the right way and the wrong way to use them:

How many security considerations are there for non-EVM chains? There's a TON. Developed by Telegram, @ton_blockchain has a very unique approach to both execution and state. In this thread, we'll dive into some security considerations unique to TON. ⬇️ 🧵

In December of 2023, Zellic's @farazsth98 found a bug in NEAR's blockchain node. We worked with the NEAR team to responsibly disclose and fix the issue. Exploiting this bug would crash every node on the NEAR network. Read on for all the details:

@gf_256 github.com/xoreaxeaxeax/R…

Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun: md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak") = md5("TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")

Announcing the 10th annual Flare-On Challenge, launching on Sept. 29, 2023! The challenge is designed for the world’s best reverse engineers to test their skills through difficult puzzles, featuring a retro-computing challenge involving PDP-11. mandiant.com/resources/blog… #flareon10

when the offsets change

@snyksec The frustrating part was that flags were never in a single location, so significant time was spent just looking for the flag after exploiting a challenge. Missed a challenge by 30 seconds, and also 2nd place, because of this. Please give us the location, if it's not secret.

🙏 Huge thanks to everyone for participating in this year's #FetchtheFlag #CTF! It was a blast 💥 Be on the lookout tomorrow for the solution write-ups. In the meantime, let us know — what were your favorite challenges? What challenges drove you crazy? 👇

Third edition of pbctf is here! 🗓️ Dec 3rd 14:00 UTC to Dec 5th 02:00 UTC (36 hours) 🎁 Sponsored by @Zellic_io ctftime.org/event/1763 #pbctf #pbctf2022

This past weekend we had an amazing event. The Google CTF Finals 2022 which were ran as a game hacking competition we named #Hackceler8. We tried to bring under one roof some of the folks with the best hacking skills in the world and have them do/hack a videogame speedrun. 🧵1/N

@misusage_ @_mohemiv ZIP uses PBKDF2, which hashes the input if it's too big. That hash (as raw bytes) becomes the actual password. Try to hash the first password with SHA1 and decode the hexdigest to ASCII... :)

@_mohemiv How????

🫢 Backdoor password in a ZIP! 1⃣ Create ZIP: 7z a x.zip /etc/passwd -mem=AES256 -p Use this pwd: Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You 2⃣ Unpack it: 7z e x.zip Use this pwd: pkH8a0AqNbHcdw8GrmSp 😅 Magic!

@gf_256 And that's what's going to be left the day humanity ceases to exist. Just bots talking to bots. Our strive for making redundant, auto-scaling, self-healing infrastructure will keep them running for years once we're gone.

its insane how much of social media is just bots replying to each other

Thanks to @bootplug_ctf, our CTF registration is now open! Anyone can participate online, but only Security BSides Oslo participants will be able capture on-site flags at the venue or be eligible for prizes. ctf.bootplug.io

@ZetaTwo Last time I went to the US, the customs agent (who wields the power to deny entry, if I give off the wrong vibe) stared at my passport for the longest time. Then started his line of questioning with: "Has anyone ever told you that you look really evil on your passport photo?" 😬

There's some shady criminal on the loose in Zürich. Luckily I have been able to obtain some pictures of the suspect who is known to have been involved in several cyber attacks.

My writeups for #flareon8. github.com/myrdyr/ctf-wri…

@i_komarov @FireEye I solved it without doing any sort of reversing of the binary at all, just treating the binary as a black box.

Forgot to post earlier, but I finished #flareon8 after 6d23h, ranking 28th. Big thanks to the FLARE Team and @FireEye for the challenges! Challenge 9 really earned its name, and 10 really had potential, but had some issues that made it easier than intended.

pbctf 2021 has concluded! Congratulations to our winners @dicegangctf , @GuesserSuper, and @0rganizers ! 🏆 Thanks to everyone who participated in #pbctf and taking their precious time to solve our challenges. See you next year!