Suz Hinton

Yeah, I'd say I had a huge advantage in a lot of the CTS because I could write simple scripts even, right? So let's say you get a giant Apache log file, right? And like, it's a pretty structured log file, right? And so you can use, you know, bash one liners, you can use orc and you can use like truncate and... unique and all of those command line tools.

Yeah, I'd say I had a huge advantage in a lot of the CTS because I could write simple scripts even, right? So let's say you get a giant Apache log file, right? And like, it's a pretty structured log file, right? And so you can use, you know, bash one liners, you can use orc and you can use like truncate and... unique and all of those command line tools.

And you can just kind of like glue something together. But if you want to do something a bit more complex, that's where scripting just really comes into its own. And so during these CTFs, I was writing all sorts of different scripts to filter things and to count things and to accumulate things and

And you can just kind of like glue something together. But if you want to do something a bit more complex, that's where scripting just really comes into its own. And so during these CTFs, I was writing all sorts of different scripts to filter things and to count things and to accumulate things and

also there was one time where there was something was encrypted using RSA and it was kind of hard to find a tool online to just like dump the text in and decrypt it and I think that was the point of the CTF they were trying to make it difficult so I was able to just write a quick JavaScript implementation of the RSA algorithm that sort of like brute forced through and figured out the key and they obviously gave us a weak key because otherwise you need like a quantum computer to crack it but

also there was one time where there was something was encrypted using RSA and it was kind of hard to find a tool online to just like dump the text in and decrypt it and I think that was the point of the CTF they were trying to make it difficult so I was able to just write a quick JavaScript implementation of the RSA algorithm that sort of like brute forced through and figured out the key and they obviously gave us a weak key because otherwise you need like a quantum computer to crack it but

that was so advantageous. Most people either didn't solve it or they had to find a tool online that only let you put in one character at a time to crack it. Whereas I had it written in, you know, like maybe 10 minutes and it was done. So it's a huge advantage, I think being able to code, but also you, you understand how computers work as a foundation, right?

that was so advantageous. Most people either didn't solve it or they had to find a tool online that only let you put in one character at a time to crack it. Whereas I had it written in, you know, like maybe 10 minutes and it was done. So it's a huge advantage, I think being able to code, but also you, you understand how computers work as a foundation, right?

And that gives you a really good intuition for solving problems. Like I've seen people who have come into cybersecurity and but not having an IT background. And there's a certain intuition that they're missing where you can infer things from certain pieces of evidence.

And that gives you a really good intuition for solving problems. Like I've seen people who have come into cybersecurity and but not having an IT background. And there's a certain intuition that they're missing where you can infer things from certain pieces of evidence.

And even the Docker container thing, like I was able to just jump in, whereas a lot of people were like, I don't even know how to run this thing. I'm going to have to spend half an hour an hour learning Docker. So I've always had a huge advantage in CTFs because I do have that coding background.

And even the Docker container thing, like I was able to just jump in, whereas a lot of people were like, I don't even know how to run this thing. I'm going to have to spend half an hour an hour learning Docker. So I've always had a huge advantage in CTFs because I do have that coding background.

that particular one code breaker, it was very strictly by yourself. And so I think there were 10 problems and I made it to problem eight. And that's where I felt that I was hitting a ceiling, right? It was very specialist reverse engineering. Like I ended up looking at the solution afterwards from people doing write-ups and I was like, I never would have got that.

that particular one code breaker, it was very strictly by yourself. And so I think there were 10 problems and I made it to problem eight. And that's where I felt that I was hitting a ceiling, right? It was very specialist reverse engineering. Like I ended up looking at the solution afterwards from people doing write-ups and I was like, I never would have got that.

You know, you had to sort of do this weird, um, you had to roll the protocol correctly, but then you also had to kind of plant a buffer overflow in order to sort of get through it.

You know, you had to sort of do this weird, um, you had to roll the protocol correctly, but then you also had to kind of plant a buffer overflow in order to sort of get through it.

And I'm just like, I was like, I know how to do toy buffer overflows when the conditions have been presented to me in the correct way, but I can't actually sort of, you know, it's a lot harder for me to do that because I don't have a lot of practice with it. So, yeah.

And I'm just like, I was like, I know how to do toy buffer overflows when the conditions have been presented to me in the correct way, but I can't actually sort of, you know, it's a lot harder for me to do that because I don't have a lot of practice with it. So, yeah.

Yeah. Yeah. And like, how much do you keep going until you give up? Because you're just like, just one more, just one more, you know, one more knob. And so in the end, the solution was to use a, was it called a ROP chain as well, right? So using gadgets, using assembly gadgets after the knob sled in order to then like return to C or whatever that is.

Yeah. Yeah. And like, how much do you keep going until you give up? Because you're just like, just one more, just one more, you know, one more knob. And so in the end, the solution was to use a, was it called a ROP chain as well, right? So using gadgets, using assembly gadgets after the knob sled in order to then like return to C or whatever that is.