melotic’s blog

If you’ve watched Ted Lasso, there’s this scene where one of the players, Sam, makes a costly mistake during a game and he’s spiraling in the locker room. Ted pulls him aside, asks what the happiest animal in the world is. Sam’s got no idea. Ted tells him it’s a goldfish. Goldfish have a ten-second memory. They don’t dwell or replay their mistakes. In their little world, every lap around the same basketball sized fish bowl is brand new. ...

Best Cyber Warrior ‘22 CTF The Best Cyber Warrior (BCW) ‘22 was a CTF that was available to U.S. Army cyber personnel, hosted by the Army’s Central Command. Our team, PWN@VT, comprised of ROTC cadets came in 2nd place! Best Cyber Warrior 22 - Fileless Writeup fileless was a hard reverse engineering challenge. The binary to reverse engineer was an ELF executable, that dynamically decrypted another ELF file and executed it with memfd_create and fexecve. The decrypted ELF simply decrypted a flag, without doing anything else. ...

If you want to skip right to the code, it’s available on GitHub: https://github.com/melotic/ThreateningYeti This is a series on hacking the Lockdown Browser. The recent outbreak of Coronavirus has many colleges and universities switching their in-person classes to 100%. With this, many colleges are turning to software like Lockdown Browser to secure their online tests to prevent cheating. If you’re a college student, you’ve more than likely had to use Respondus’ Lockdown Browser, a software application that is essentially a secure web browser. On launch, the web browser will navigate to your universities learning management system (Canvas, Blackboard, D2L, etc.) ...