Posts

HTTP Host Headers, Virtual Host, and HTTP Downgrading oh my!

CTFs are a great way to learn, and that is exactly what I have been doing. I have been learning about HTTP Host Header Manipulation, Virtual Hosts, and HTTP downgrading. Let's talk about what I've learned! Virtual Hosts are a ubiquitous and awesome way to have multiple websites assigned to one IP address, with a unique domain name for each virtual host. The server distinguishes between them using the Host header. This Host header is like an identifier for the different virtual hosts that belong to one IP. As one might expect, this can be used to bypass otherwise blocked web servers, and hack websites. Our first culprit would be with the classic localhost (or 127.0.0.1). There is a potential that if a web server uses localhost as a way to route their internal web servers then this can be used as a way to access the back end web server, when one shouldn't. It might look something like this: GET /admin HTTP/2.0 Host: Localhost Of course this can be used to a...

Hello Comrade...

Hello Comrade.... We captured a message of the foreign gov trying to communicate about attacking us... one of our techs got this specific and interesting messaging... see if you can decode this: RkxBR3tSVVNTSUFOX0FTU0VUfQ== =========================================================================== UPDATE: This was part of a CTF I participated in back in April: Arkansec's CTF at Sparkcon 2025, where I placed 3rd! Part of the CTF was BYOCTF ( https://github.com/ShyftXero/byoctf_discord ). You can read about it here; it is a really cool system created by my friend Shyft. Basically it's like a BYOB (Bring your own Beer), but you are bringing your own flags. In a normal CTF game, you are dependent on the challenge makers, the ones who created the CTF, to create challenges. With BYOCTF you get to, as the CTF player, make your own challenges. And really, that's a huge part of winning and a huge part of why I got 3rd. A very unique addition to any CTF game. Than...

Writing your own scripts: a great way to practice

In the world of hacking, and even IT, being able to write your own scripts is arguably an essential tool to have. Whether it's Bash, PowerShell, Python, etc., knowing even one language well enough to write scripts is something you should definitely take time to learn. So, you might ask, what is the point of making these scripts if there are multiple scripts that are already made? There are plenty of script writers who are much better... but there are a few reasons! One: Practicing with different languages. Although most languages are the same at the basic level, writing scripts is a way to get a good and quick understanding of different languages. Programmed something in Bash? Try Python. Did it in PowerShell? Try Go. This exposes you to different languages even if the concept is the same. The idea is getting a good understanding, not practicality. You don't need to write super long programs to get an initial grasp of a language! Two: Customization Arguably customization...

DEFCON 32: My review as a first time attendee.

Since the first time I heard about DEFCON (2018, probably before) I have wanted to attend. Due to time and mainly money, I haven't been able to up until now. Thankfully, my job (thank you very much!) paid for most everything and I was able to go this year. I am going to talk about my experience there and some tips for next year if you decide to (hopefully) go! Let's start with the location. I hadn't been to the previous DEFCONs so I didn't know what it was like, but this year it was held in the west wing part of the Las Vegas Convention Center. This location is right by multiple hotels (mine was about a 10-15 min walk, which wasn't too bad), and close to the strip. This center is huge and we were *just* in the west wing part of it. What I enjoyed most about this honestly was the central location. I can imagine walking across multiple hotels would get a bit tiresome. Everything was relatively close and about a 5 minute walk, or 30 second escalator ride. There were... A L...

Steghide: An introduction

JOLT, a hacking CTF located in Little Rock, Arkansas. JOLT 2022 was where I first was introduced to steghide. Steghide is a tool associated with steganography, which according to Wikipedia is: "the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection". So basically hiding information within a picture. And of course if you can hide information in there you can extract information, and hide information that is dangerous. On the Kali Linux steghide page it says: "Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven. Steghide is designed to be portable and configurable and features hiding data in bmp, jpeg, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseud...

Vulnerability Spotlight: Type confusion

What is type confusion exactly? And how can it be used to exploit programs? According to the CWE (Common Weakness Enumeration) "Type confusion is when: the program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. When the program accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access." C and C++ are common examples used because these languages do not have type checking. This allows attackers to potentially exploit type confusion within C/C++ programs, which can lead to code execution. Of course C and C++ are not the only examples; languages with dynamic typing generally (like Perl) have this issue. C++ has 3 main Cast...

Post SOTB and Happy New Year :)

If you missed out on SOTB that really stinks, but also I understand. Shell on the Border happened during New Year's and man was it an amazing experience. I couldn't attend the speaker part but the CTF was fun. It was at an arcade that had major Mr. Robot vibes. A truly different and awesome experience in the unlikely city of Fort Smith, Arkansas. Want to make a huge shout out to Shyft, MoonKaptain, Fie, FractumSeraph, Allee, Fort Smith Arcade, and HackNWA (if I forgot you I am sorry, it's not on purpose). All of y'all made this an amazing experience and the work we put in was definitely seen. I am proud to be a part of FS2600 and I am grateful for the opportunity to be able to help, and to even do some of my first challenges. I wanted to go over my challenges that I did, just 3, for those that are curious. First of all, this being my first time making CTF challenges, there were some mistakes on my part. I had made these challenges with a huge assumption of prerequisite knowled...