After winning the Cyber Grand Challenge and competing in the Defcon CTF with Mayhem, we have a lot to talk about. This post is the first in a series we will publish over the coming weeks. Some posts will be more technical, and some less.
LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn’t expect Mayhem to find. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution. We heard that other teams noticed this bug, but thought it would be too hard to deal with. Mayhem 1 – Humans 0. In the rest of this article, we will explain what the bug was, and how Mayhem used it to create a full-fledged exploit.