SUMMARY.md

Table of contents

Introduction

• What Is REplay?
• Running The CTF - Know XYZ
• Scenario
• FaQ - Frequently Asked Questions
  • What does this teach?
  • Who maintains it?
  • What does this target technically?
  • How does this help me in the real world?
  • How many writeups are here?

REplay

• Levels
  • Level 1-3 DOWNLOAD
    • Level 2 - What I Should Have
  • Level 1
  • Level 2
  • Level 3
• Writeups
  • Level 1 - All Walkthroughs
    • Find the unencrypted API key
    • Find the HTTP-BasicAuth formatted username and password
    • Find the CTF information block
    • Find the encrypted API key
    • Crack the first login system
    • Modify the variable of the hide menu functionality
    • Authentication Server Investigation
    • Security Systems In This CTF
    • Pseudocode representation of the login system
    • Find the integer based key used to compare the input license in the GUI.
    • Figure out where the pre-determined login statement is being made.
    • Find the hotkey that is used to exit the menu and kill the current process
    • Bypass entirely - login system
      • Crippling Logins
  • Level 2 - All Walkthroughs
    • Objectives you need to complete
    • Locating The Thread Management Calls
    • Section 1.0 (Binary Integrity System)
      • Locating The Binary Integrity System
        • Locating The Original Caller
      • Time Based Modification
      • File location of the hash
      • Remote resource for fetching prod hash
      • Hashing Algorithm Investigation
      • Find out 'how' data was fetched
      • Bypass Binary Integrity
      • Tips for this section
        • Methodology/Theory
          • Known barriers in binary integrity RE
        • Informational
    • Section 2.0 (Security & Binary Protections)
      • Methods of protection
      • Integrity System Inner Workings
    • Section 3.0 (Data & Information)
      • User account for remote resource
    • Section 4.0 (Beeps and Kinks)
      • Finding Functions Via Sound
      • Beep frequency
      • Beep creation
      • Exact time length of beep
      • Sub Info For Writeups
        • An introduction to beeps
    • Section 5.0 (Vulnerabilities & Binary Auditing)
    • Section 6.0 (Networking & Web)
      • Locating The Server Routine
        • Methodologies and Theory
      • Server port
      • Server folder for local file hosting
      • Endpoints for login
      • Binary Auditing - 6.4.0
        • Information Module
          • What is Binary Auditing?
            • Why is this useful?
            • What do I learn?
          • Binary Auditing - Further Reading
            • Auditing Methods
              • Dynamic Analysis
            • IOF - Integer Overflow
            • BOF - Buffer Overflow
            • UAF - Use After Free
              • Methods For Locating
            • DOUF - Double Free
            • Warning:
        • Binary Audit - Goals
          • Vuln: Buffer Overun
            • Analyzing Important Sections
            • Analyze - sub_1400816E0
              • Locating The BOF
              • Answer Page
          • Security Issue: No Input Checks
            • Answer Page
          • Vuln: Use After Free
            • Answer Page
          • Vuln: Format String Vuln
            • S1: Exploring The GUI
            • S2: Exploring The Input
            • S2: Answer Page
          • Vuln: Integer Overflow
            • Educational
              • Attack Plan
            • S1: Input Analysis
              • Dissecting
            • S2: Func Analysis
              • Pseudocode Analysis
                • Exploring IoF
                  • Payload
                  • Answer
          • Vuln: Double Free
            • Educational
              • Attack Plan
            • S1: Input analysis
            • S2: Func Analysis
              • Top To Bottom Analysis
                • Deep Analysis
                  • DOUF Explanation
          • Vuln: RCE
            • Educational
              • Locating RCE
                • Finding system
                  • sub_14009B148
              • Attack Plan
            • S1: Analyze the input area
            • S2: Analyzing the command exec
            • S3: Crafting The Payload
            • Answer Page
      • Static Key Generation
      • Remote location of the logo
        • Answer Page
      • Analyzing Binding & Server Routines
        • Answer Page
      • Analyzing JS To Find Web Vulnerabilities
        • Code Auditing
          • Analysts & RE
        • Answer Page
    • Section 7.0 (Exploit Development)
      • Userland R/W To Set Login Status
    • Section 0x0 - Tips and Information
      • Thread and Routine Manager
  • Level 3 - All Walkthroughs
  • Level Exploits / Scripts
    • Extra Utilities
      • Import Parser [Go]
    • Brute Forcing
      • Key State Brute Forcing Utility
      • Beeper Utility
      • Process Port Discovery
    • Algorithmic Implementations
      • IEEE 745 - Formula Implementation
      • Binary Hashing Tool
    • Why Offensive Tool Development?
      • Why Are We Using Different Languages?
  • REplay - Exploring Further
    • Fucking Up Buttons
      • Buttons In GUIs
        • Locating The Buttons
        • Attack Planning
      • Using Tabs
        • Initial Analysis
        • File Offset & Patching
  • REplay - Suggested Resources For RE
    • Resources - Books
    • Resources - Educators
    • Resources - Videos
    • Resources - Channels
    • Resources - Communities
  • REplay - L1-3 Goal Pages
    • Level 1
    • Level 2
      • Section 1.0
      • Section 2.0
      • Section 3.0
      • Section 4.0
      • Section 5.0
      • Section 6.0
      • Section 7.0
    • Level 3
    • L-0 - What Defines Finished?
• REplay - Extras
  • GUI Things
    • Educational
      • 4.0 and 0x40800000 (In development)
      • Exit HotKey Function Verification
    • How To
      • Navigate
        • NO CLICK!
        • Technical
          • HotKeys
          • Files
          • File Generation
            • RuJsonClientDLLJSONFile()
            • RunJsonClientFile
          • Specifics
      • Set REplay up
        • 1: Env Setup
        • 2: Running REplay
        • 3: Have fun
      • Error Handle
        • Missing Library
        • I Am Stuck
  • REplay - Isolated Training
    • Where It Comes To Use
    • Examples
      • Use After Free #1
        • Analyzing Free
          • What did we learn?
      • Buffer Over-run #1
    • Tips and Tricks For Isolated Training
      • Compiler Optimization
      • Google Is Also Helpful
      • Understanding Data Types
  • Reverse Engineering: Other Theory(s)
    • Tracing externs
      • Tracing Free
      • Tracing malloc
  • Security Research Application
  • REplay Contributions
    • CTF Design
    • Promotion
    • Extension Suggestions
      • Scenario / Systemic Extensions
    • Finding Issues
      • Example
      • What Happens If I Report?
        • Vulnerabilities
          • The Goods O_O
        • Common issues
    • Rules and Regulations
  • Cool Shit
    • Artwork
      • Advertisement
      • Snow White Penguin
    • Quotes
      • The World Is Yours
• Finished!