Last weekend saw the year’s CTF competitions begin with our very own Insomni’hack teaser. Given some of the recent absurdities (http://weputachipinit.tumblr.com/) we decided to go with the Internet of Things as our theme this year.
Continue reading Insomni’hack 2016 teaser resultsBypassing TPM-based Bitlocker
Attack on Windows authentication mechanism
At the recent BlackHat Europe conference (November 10 – 13, Amsterdam) a security researcher called Ian Haken presented a very interesting, simple yet powerful attack allowing to bypass Windows (Kerberos) authentication on machines being part of a Domain.
Continue reading Bypassing TPM-based BitlockerSCRT Security Day 2015
Jeudi 17 septembre
09:00 – 17:00
Hôtel Best Western à Chavannes-de-Bogis
SCRT @ DEFCON 2015
Cet été, 4 ingénieurs de l’équipe se sont rendus à Las Vegas pour les finales du concours de Capture the Flag (CTF) organisé par Legit BS à DEFCON. Ils se sont qualifiés en 10ème position avec l’équipe 0daysober.
Continue reading SCRT @ DEFCON 2015Defcon 2015 résolution heapsoffun
La semaine dernière, plusieurs ingénieurs de SCRT ont participé aux qualifications du CTF Defcon avec l’équipe 0daysober, qui a terminée 10ème et se qualifie donc pour la finale ! Ce post décrit deux des épreuves résolues, knockedup et heapsoffun.
Continue reading Defcon 2015 résolution heapsoffunInsomni’hack finals – InsomniDroid Level 1 Writeup
The challenge was delivered as a zip file (InsomniDroid.zip). The first challenge was perhaps to download it (with its 602.5 MiB). The zip file contains a single file: mmcblk0.dd. A file command gives some information:
Continue reading Insomni’hack finals – InsomniDroid Level 1 WriteupGS Days 2015
La 7ème édition des “GS Days, Les Journées Francophones de la Sécurité de l’Information” s’est tenue ce mardi 24 mars 2015 à l’Espace St-Martin à Paris.
Continue reading GS Days 2015Insomni’hack finals – Hollywood network writeup
You probably saw on many ‘hackers movies’ weird IP address such a 312.5.125.833. On this challenge, you had to connect on a fake IBM mainframe running on this strange IP stack. After the Z/OS banner, you had to get a shell with “L IMS3270”. No guessing here, it’s simply one of the three suggestions. On the READY prompt, you had a bunch of crappy commands extracted from the Swordfish movie. Only FLAG, IFCONFIG worked. FLAG expects an IP address as parameter. Since this mainframe runs on a non-standard IP stack, you can’t simply enter your IPv4 address. So you have to get a look at the IFCONFIG output:
Continue reading Insomni’hack finals – Hollywood network writeupInsomni’hack finals – SH1TTY writeup
This challenge wasn’t solved during the CTF, but StratumAuhuur was pretty close!
The source, binary and exploit for this challenge can be found on our github here.
Insomni’hack finals – Jurassic Sparc writeup
This task wasn’t solved during the CTF. People must hate sparc!
Find the binary, sources and exploit here!
Continue reading Insomni’hack finals – Jurassic Sparc writeup