Solving a CTF challenge: Exploiting a Buffer Overflow (video)

Capture The Flag (CTF) competitions are an entertaining way to practice and/or improve your skills.

NVISO staff regularly participates in CTF competitions, in particular when the competition focuses on IT security.

We produced a video with step-by-step analysis of a CTF executable containing a buffer overflow. This executable is running on a server, and by providing it specially crafted input, a buffer overflow will lead to a remote shell. In this video, we explain how to determine what input is needed to obtain a shell, by reverse engineering the executable with IDA Freeware for Linux.

Although this video was recorded for internal use, we decided to release it. Enjoy!

About the authors
Didier Stevens is a malware expert working for NVISO. Didier is a SANS Internet Storm Center senior handler and Microsoft MVP, and has developed numerous popular tools to assist with malware analysis. You can find Didier on Twitter and LinkedIn.

Join the Conversation


Leave a comment

Leave a Reply

%d bloggers like this: