Capture The Flag (CTF) competitions are an entertaining way to practice and/or improve your skills.
NVISO staff regularly participates in CTF competitions, in particular when the competition focuses on IT security.
We produced a video with step-by-step analysis of a CTF executable containing a buffer overflow. This executable is running on a server, and by providing it specially crafted input, a buffer overflow will lead to a remote shell. In this video, we explain how to determine what input is needed to obtain a shell, by reverse engineering the executable with IDA Freeware for Linux.
Although this video was recorded for internal use, we decided to release it. Enjoy!
About the authors
Didier Stevens is a malware expert working for NVISO. Didier is a SANS Internet Storm Center senior handler and Microsoft MVP, and has developed numerous popular tools to assist with malware analysis. You can find Didier on Twitter and LinkedIn.