Solving a CTF challenge: Exploiting a Buffer Overflow (video)

Capture The Flag (CTF) competitions are an entertaining way to practice and/or improve your skills.

NVISO staff regularly participates in CTF competitions, in particular when the competition focuses on IT security.

We produced a video with a step-by-step analysis of a CTF executable containing a buffer overflow. This executable runs on a server, and providing it with specially crafted input triggers a buffer overflow that leads to a remote shell. In this video, we explain how to determine what input is needed to obtain a shell by reverse engineering the executable with IDA Freeware for Linux.

Although this video was recorded for internal use, we decided to release it. Enjoy!

About the authors
Didier Stevens is a malware expert working for NVISO. Didier is a SANS Internet Storm Center senior handler and Microsoft MVP, and has developed numerous popular tools to assist with malware analysis. You can find Didier on Twitter and LinkedIn.
