On July 30, 2023, a vulnerability in the Vyper compiler version v0.2.15’s re-entrancy guard allowed a re-entrance attack exploited Curve Finance Pools and $69M was stolen; after all refunds, the total loss is about $20M. I find this exploit interesting since it is undetectable at the pre-compiled/source code level (this is the tip of the iceberg anyway). The high-level problem was that the Vyper compiler’s re-entrance protection “promised” developers to handle the re-entrancy guard CORRECTLY, but it failed to do so. In this blog, I reverse engineered vulnerable contracts to demonstrate how the vulnerability can be automatically detected.

Continue reading 

This challenge - CATBERT Ransomware - requires participants to analyze and reverse engineer a UEFI firmware, and defeat a Virtual Machine based obfuscation technique to retrieve decryption keys. This write-up walks you through the entire process and provides technical details on how to identify and analyze the VM dispatcher, write a disassemble, and leverage a x86 decompiler to enable a thorough examination of the VM code.

Continue reading 

Blockchains has been abused by threat actors to deliver malicious payloads due to the decentralized nature, which makes it harder to monitor and regulate. This challenge highlights the need for enhanced security measures within blockchains ecosystems. I also tried to include some related resources in this blog if you are new to Ethereum blockchains and want to read further.

Continue reading 

This challenge is indeed a .NET binary, but it is not a conventional .NET sample, so standard .NET decompilers will not be effective. I divided the challenge into three stages. The first stage focuses on reverse engineering a Native Ahead of Time (AOT) .NET binary. The second stage involves cryptanalysis of the Elliptic Curve Diffie–Hellman (ECDH) algorithm to recover the secret key. The final stage consists of extracting encrypted messages from captured data and performing a replay attack using the same secret key to recover an exfiltrated flag.

Continue reading 

The challenge prompt contains some important keywords that help you know where to start: sshd, crashed, stole. By combining these key terms, you can quickly identify the main task in this challenge: Investigate a core dump of sshd from a file system to see what happened and what data (flag) was stolen.

Continue reading 

Struct, short for structure, is an important concept in many programming languages. A struct can contain different variables, each of which can be a different data type. Struct allows programmers to group many fields into a structured group for easier processing, storage, and access. Therefore, structs are used in almost all applications.

Continue reading 

The name shellcode came from its original use to spawn a system shell in exploits after attackers successfully exploit vulnerabilities in software and redirect execution to the injected code. In general, a shellcode is a set of instructions that can be loaded and executed at any memory address (i.e. Position-independent code). Therefore, it cannot contain hard-coded addresses and must use reliable techniques to load or resolve addresses of the APIs/functions it needs.

Continue reading 

Hello, World!

Programming is one of the most important skills in computer science. Typically, beginners take their first step into a new programming language by writing the iconic “Hello, World!” program. To maintain this tradition and encourage beginners to establish a strong foundation for their future work, my first blog post will be about a “Hello, World!” program, this time written in x86 assembly.

Continue reading 

A “tag” is a keyword or label assigned to a post to categories it and make it easier to organise and search for. Tags help in classifying content based on its subject matter or key topics. Therefore, sharing my tagging strategy will help you navigate this blog and fully utilise its contents.

Continue reading 