gnome invasion
ever since i did the original stripe ctf challenge, i've been interested in the practical side of how vulnerabilities are exploited. so i was curious enough to try out the SANS / counterhack holidayhackchallenge over christmas.
it's basically a CTF competition where you have to discover exploits in a set of remote servers. to keep it current it features some interesting twists
a childrens toy running embedded linux with a secret camera upload
several cloud deployed control servers running a MEAN UI
a cute javascript meta-game RPG
since this isn't my day job, i have to muddle through from first principles re-learning packet disassembly and x86 assembly but i eventually got there and you can check out my groovy-based gnome-invader or ideally one of the much better writeups from the winners page.
an interesting post-script to the challenge is that ctf challenges are often criticised for being unrepresentative and simplistic - but it seems remotely exploitable cameras and node apps that allow trivial remote-code execution are going to keep the security professionals busy for the foreseeable