Down to the Wire

PlaidCTF 2018: I Heard You Like XSS

Zachary Wade

In preparation for PlaidCTF 2018 I designed a two part web challenge called S-Exploitation (Paren Trap and the Wizard of OSS). Although I intended the first part to be an easier web challenge, and the second to be a tricky follow up, the former had only 16 solves and the latter just 2. Since I had a number of people ask me for clarification after the CTF, and to help other organizers to learn from it, I’ve described below how S-exploitation was designed and meant to be solved.

GADTs: Wizardry for a Typesafe Age

Zachary Wade

Generalized algebraic data types (or GADTs) are a powerful tool that can augment algebraic type systems enabling them to be far more expressive. In addition to enabling polymorphic recursion, they also serve as a fundamental unit for existential types. In this post we will look at what all of those phrases mean, and how GADTs can be used in practice.

To Depart from Clemency: A DEF CON 2017 Retrospective

Zachary Wade

Another year, another DEF CON. This year, from the far reaches of LegitBS’s wild imagination came an architecture so bizarre and so confusing that it was actually pretty good. Over the course of three days, we were introduced to cLEMENCy, an intriguing RISC architecture that sported 9-bit bytes, middle endianness, and reversible stacks. It took many sleepless nights, but once again the were able to tool and exploit our way to a tight victory. As a member of the Plaid Parliament of Pwning, here is an overview of the year’s biggest CTF from my perspective.

A DefCon 2016 Retrospective

Zachary Wade

Defcon CTF 2016 was held from August 5th to 7th during the annual Defcon conference. This year DARPA chose to host their Cyber Grand Challenge (CGC) — a CTF-style competition between fully autonomous Cyber Reasoning Systems (CRS’) — at Defcon as well, so the Legitimate Business Syndicate oriented their competition around it to allow the winning machine to compete against the human teams. The new format brought with it several interesting gameplay mechanisms as well as a couple of issues, resulting in a fun but occasionally problematic contest. During the competition I played with the Plaid Parliament of Pwning (PPP), with whom I placed first. This is a brief reflection of how the game operated, what succeeded, and what did not.

Zeros and Ones - TypeScript

Matthew Savage

Hey there! I’m Matthew, and for my inaugural post I’m going to start a hopefully-recurring segment called “Zeros and Ones” - essentially, opinions on a given topic broken down into zeros (negatives) and ones (positives). Today’s post will discuss a language I’ve fallen in love with over the past couple of months: Typescript.

If you’re not familiar with TypeScript, it’s a superset of JavaScript that adds the ability to annotate variables with types. It was created by and is maintained by Microsoft, who introduced it in Ocotober 2012.