• SANS Holiday Hack Challange 2020: Writeup

    This is my write-up for the SANS Holiday Hack Challenge 2020. There are two types of challenges: the main objectives and the extra terminals. In the game they are interleaved since solving terminals give you hints for the main objectives but here I have separated them into two sections.

    Read more
  • Chalmers - Security at KRY/LIVI 2020

    In April this year, I gave a lecture at Chalmers University of Technology in Gothenburg. I talked about the security work at KRY/LIVI. The talk was not recorded but you can download the slides here.

    Read more
  • Exploiting the Starcraft 1 EUD Bug

    Starcraft, released in 1998, is still one of the best strategy games ever made. Over 20 years later it still has a strong community and a remastered version was released in 2017 with updated graphics and sound. However, like most software, it has had it fair share of bugs. One of these bugs was an arbitrary read/write vulnerability in the parser for the scripts embedded in the maps of the game. As long as I’ve known about the bug I had assumed it could be used for exploitation but I had never seen a public example of this. Last weekend, I sat down and wrote an exploit myself and also turned this into a challenge for the Midnight Sun CTF 2020 qualifiers. In this first blog post I will go through some background, explain the bug and the exploit I wrote for it. In part two I will explain how I turned this into a CTF challenge and some of the solutions the teams came up with.

    Read more
  • MassifCon 2020 - Theft and Doxxing

    This February I gave a talk at a private event called MassifCon. The talk was not recorded but the slides are available. If you want a summary of the talk, please ask me the next time we meet.

    Read more
  • SANS Holiday Hack Challange 2019: Writeup

    Here are my solutions for the 2019 SANS Holiday Hack Challenge.

    Read more

subscribe via RSS