If you competed in this year’s CSAW CTF, you may have noticed that the site was pretty sluggish until around 1am EST Sunday. This post is a walkthrough of how I went from noticing this sluggishness, to debugging the issue, to putting in a fix which increased page load times by over 10x.
I’m Nick Gregory, a research scientist currently working at Capsule8. I used to be vice president and sysadmin of NYU’s OSIRIS Lab where I primarily focused on low-level system emulation and exploitation.
You can find my resume here.
- Holodeck - Assisted rehosting of embedded devices in QEMU
- Warpcore - A work-in-progress cyber reasoning system (CRS)
- CTF Writeups - NYUSEC’s solutions to a lot of CTF challenges
- Introduction to Offensive Security - A course I co-created to teach offensive security at NYU Tandon
- Dispatch - A Python framework for programmatically disassembling and patching binaries
- Weather Explorer - A website that allows everyone to dive into the raw data behind weather predictions
When exploiting a program, there are four primary regions of memory that matter to us:
- The program itself
- The stack
- The heap
A recent post to the OSS Security mailing list brought up a potential DoS fixed in Linux about a year ago. This got a decent amount of attention on Twitter, and so I decided to see if I could create a proof-of-concept for this relatively simple bug.
In the fall of 2017, Josh Hofing and I co-created and co-taught a new class at NYU Tandon: Introduction to Offensive Security. We wanted to create a course that taught the basics of what’s needed in, well, offensive security (playing CTFs, doing pentests, etc.). It was very well received that semester, and is now being re-taught for the third time by Prof. Brendan Dolan-Gavitt, who supervised Josh and me when we taught the course for the first time.
Recently, I was looking for a nice, unified way to traverse my way through large open-source projects. The OSIRIS Lab previously had a DXR instance but it ended up not being able to support some projects I wanted to index due to the way it works (a clang pass). I looked around a bit, and decided to give OpenGrok a try, and I’ve been very happy with the results. Seems to be the one good product Oracle makes :P
I’m happy to say I’m finally opening up “Weather Explorer”, a project I’ve been working on in my spare time for the past two years.
Since I interned at M.I.T Lincoln Lab in the summer of 2016, I’ve been working on an extension project of the work I did there. While it’s still not finished, it’s a pretty big chunk of work that deserves to be on this website somewhere :)
Today while setting up a new Proxmox node in my cluster, I ran into a “fun” issue.
CTFtime points were just awarded for this year’s Blaze CTF (in which we got 7th!), and NYUSEC is officially a top 50 team!
(Cross-posted from my entry in the OSIRIS Lab’s blog: https://blog.isis.poly.edu/2017/09/25/csaw-ctf-2017-infra/)
For the past five years or so, I’ve been looking to find a way to get streaming weather data pushed to me. Originally I had wanted level 2 RADAR products to create my own composites/renders; however, I couldn’t find a good source that would push it to me, and even if I could, I didn’t have the capacity to handle processing all of that data in real time. The IEM makes level 2 data available over HTTP, and grabbing individual files as I needed them to experiment was good enough at the time.