Following the tradition of the Boeing-UniGe Scholarship Project, this year we will collaborate with UniGe and Leonardo to provide a hands-on training path, that will culminate in a Capture-the-Flag competition. We will meet on Wednesday October 14 at 2:00pm on the MS Teams channel “Cybersecurity...

Hi everybody, it has been a while since our last update… We worked hard during the summer, and we are now ready to deliver some fancy news. First of all, thanks for attending our first public event for the new academic year, Ethical Hacking @ DIBRIS. If you missed the date and you want a brief ...

The local qualification round of CyberChallenge.IT 2018 is over! After 3 months of training, the team of UniGe - students between 16 and 22 years old - met in Valle Puggia, for one full day of Capture-the-Flag competition, organized at the same time in 8 Italian universities settled in Milan, Ge...

Boeing CTF has finally landed in DIBRIS! On February 5th, 32 brave competitors challenged each other in our first CTF., sponsored by Boeing. We prepared four different categories of challenges: Web, Binary Reversing, Android and Miscellaneous. Each of these groups has been divided into four lev...

If MITM attacks on Android crashed your sweet dreams and raised your paranoia, it’s time to inflict you the final blow. Imagine you’re communicating with your best friend. You don’t trust phones anymore. So you open your bag, pull out your PC and start chatting. I’m sorry, any kind of traffic c...

You learned that Android is not the peaceful world it was supposed to be. But you keep believing that there are still plenty of polite ladies and gentleman outside your room. Maybe on the internet? What do you know about Man in the Middle attacks? If this doesn’t sound any bell in your head, ...

Hi everybody! Welcome to the last meeting of 2017: the briefing BabyCTF, to warm up. We propose you a set of challenges that you can try to hack during the holidays: this is our Christmas present for you ;-) We anticipate your question (“How can I participate?”) and we suggest you these steps: ...

You understood that SQL Injections are evil. So, you open your browser and type “how to sanitize input in php”. You find that exists a beautiful mysql_real_escape, which claims to remove all escape sequences. This means that all the injections seen during the previous class can’t be unleashed i...

The fourth lesson is the natural consequence of its predecessor: Binary Reversing, Part 2. zxgio begins with the whole suite of IOLI Crackme binaries, using Radare2 to pwn them. What does mov instruction do? And cmp? Or what is that strange lea eax, [ebp - 120]? The ultimate secret to reversi...

You successfully downloaded “MoneySafeMultiplier.exe”, because you are an optimistic guy who firmly believes that evil things only happen in movies. Then, your computer is entirely encrypted, and you’re asked to send 100 Bitcoins to 3v1lH4ck3r to restore your files. That’s incredible! Isn’t it? ...

Android is such a beautiful world, full of unicorns and… Wait a minute, is that so? What is hidden under the hood? This is the core of lesson 2: Android Security, Part 1. Simone Aonzo (packmad), our Android guru, charmed the audience with his lesson, uncovering what’s inside the Android operat...

What about Web Security? Do you think you can tackle simple CTFs with your current knowledge? No? What a shame! :-( But don’t worry, we’ve got what you need. This is the first class offered by ZenHack: Web Security, Part 1. Andrea Valenza (avalz), our web expert, introduced our students to a ...

Too many months have passed since our last meeting… But now we are back to business! On Nov 14, we organized the Presentation of the Boeing-UNIGE Scholarship Project 2017/2018. Let us recap what happened during that meeting. Alessandro Armando started the workshop with an introduction of the u...

Try and get the flag hidden in this PNG file: pngcrc.png type: PNG md5: 3e6bc1b4c62588810efd5ab7e40541d6 Solution Opening the downloaded file, you see a fully white image. Check MD5 You might want to check the MD5 hash for the file: avalz@zenh~$ md5sum pngcrc.png 3e6bc1b4c62588810e...

PlaidCTF 2017, Zipper, 50 pts. Intro In questo esercizio utilizzeremo la “soluzione da segretaria”, come riportato sulle slide. Dovete usare tutto quello che avete per trovare la flag, ma spesso i tool automatici non funzionano. Controllate sempre le Rules of Engagement, potrebbe non essere ...