Solving a CTF challenge: Exploiting a Buffer Overflow (video)

Capture The Flag (CTF) competitions are an entertaining way to practice and/or improve your skills.

NVISO staff regularly participates in CTF competitions, in particular when the competition focuses on IT security.

We produced a video with a step-by-step analysis of a CTF executable containing a buffer overflow. The executable runs on a server, and specially crafted input triggers a buffer overflow that leads to a remote shell. In the video, we explain how to determine what input is needed to obtain a shell by reverse engineering the executable with IDA Freeware for Linux.

Although this video was recorded for internal use, we decided to release it. Enjoy!

About the authors
Didier Stevens is a malware expert working for NVISO. Didier is a SANS Internet Storm Center senior handler and Microsoft MVP, and has developed numerous popular tools to assist with malware analysis. You can find Didier on Twitter and LinkedIn.
