Flare-On 7 2020 Write-Ups

This year I participated in Flare-On 7 (2020) and I wanted to share my thoughts about this great CTF.

Overview

The challenges were great this year; I learned a lot, and they were pure reversing. For anyone who wants to strengthen their reversing skills, Flare-On is a great choice. It is like an intensive six-week reversing course that you will both suffer through and enjoy.

Solutions

I separated my solutions into different pages to make it more readable:

  1. Challenge #1 - Fidler
  2. Challenge #2 - garbage
  3. Challenge #3 - wednesday
  4. Challenge #4 - report
  5. Challenge #5 - TKApp
  6. Challenge #6 - codeit
  7. Challenge #7 - re_crowd
  8. Challenge #8 - Aardvark
  9. Challenge #9 - crackinstaller (in progress..)
  10. Challenge #10 - break (in progress..)
  11. Challenge #11 - rabbithole (in progress..)

What I Have Learned

Writing write-ups is important!

I wrote write-ups because I find them very useful. As a hobby chess player, I know it is very important to review your games and understand what you could have done better and how to improve next time. Writing the write-up, without pressure, can help you think about other ideas you could have tried. Another thing is that you will find new ways to solve what you tried and learn new techniques. There are a number of write-ups about it, but my friends Shaked Reiner (@ShakReiner) and Itay Cohen (@megabeets_) created a great website, explained.re, with nice write-ups.

Hidden Visual Basic code (p-code)

In challenge #4 I encountered something called p-code:

As each VBA line is entered into the VBA editor, it is immediately compiled into p-code (a pseudo code for a stack machine) and stored in a different place in the module stream. The p-code is precisely what is executed most of the time.

You can see the code in Visual Basic, but it doesn't actually show you some of the code that exists in the p-code.

Security researcher interested in reversing, solving CTFs, malware analysis, penetration testing and DevOps security (docker and Kubernetes)

Eviatar Gerzi
