Eindbazen wishes you a Happy New Year

Happy (belated) New Year, to all of you!

No talk about solving CTF complexities today; just a small informational post. πŸ™‚

2012 was a fast, fun, interesting and big year for Eindbazen. We grew from being occasional CTF players to a group of hyper-competitive enthousiasts. We traveled around the world to compete in the finals of Codegate YUT and PHDays. And maybe more importantly: we met countless new friends in real life who we had previously only known as enemies online. πŸ˜‰

In between exploiting scripted scenarios during CTF games we also discovered a real life security issue.

We’re proud to announce that Eindbazen has (somewhat successfully) participated in the following CTFs during 2012:

  • 29c3 CTF
  • PHD CTF Quals 2012
  • rwthCTF 2012
  • RuCTFe 2012
  • PoliCTF 2012
  • Hack.lu CTF 2012
  • CSAW CTF Qualification Round 2012
  • SECUINSIDE CTF Quals 2012
  • PHD CTF Finals 2012
  • BaltCTF Quals 2012
  • PlaidCTF 2012
  • Codegate YUT Finals 2012
  • Nuit du Hack CTF Quals 2012
  • Codegate YUT Preliminary 2012
  • IFSF CTF Quals 2012
  • Mozilla CTF 2012
  • Ghost in the Shellcode 2012

This lands us a 3th place on the overall ranking at CTFTime.org for 2012, not bad!

CTF scene in .NL

Huh.. there is a CTF “scene” in the Netherlands? Not really, but it seems we have some “new kids on the block” who are also playing under our nation’s flag. Let’s take a moment to plug some other uprising Dutch CTF groups out there:


Eindbazen is planning something exciting for 2013, we will soon publish more info on this! Maybe we will organize a CTF? πŸ˜‰ Stay tuned!


GitS 2013 Teaser – What the hell is Keming?

Find key the.

We start off with a xz-compressed file:

$ file 35e25782a7b3b88409e58756e63c40c2.bin 
35e25782a7b3b88409e58756e63c40c2.bin: XZ compressed data
$ xz -dc 35e25782a7b3b88409e58756e63c40c2.bin > data

{Read More}


29C3 CTF – Maya

The maya challenge is a simple socket daemon which accepts a tcp connection on port 1024. It then reads a string from the socket, turns this string into a long using atol, and calls the gettimeofday() api.

From here on it compares the tv_sec value returned from the gettimeofday() api call divided by 10 against the long it got from the string that was read from the socket divided by 10 as well.
{Read More}