Soccer, basketball and so on. There's also quite a few nerdy sports like real-life Quidditch or Segway polo. But there's also a really cool sport that's kind of nerdy, but also quite educational and quite a lot of fun, I've been told. So now Bruno Oliveira will tell us all about this capture the flag. Please give a big applause for him.

Hello folks. First, thank you so much for joining me in this talk. So as I was introduced, we're gonna talk about CTFs, and the main reason why we're talking about CTFs, so this is the motivation behind this talk, is about why play CTFs.

So just a little bit about me. My name is Bruno Gonçalves de Oliveira. I'm Brazilian, if that matters. I have a master's degree in software engineering. I'm a computer engineer. I'm a senior security consultant at Trustwave SpiderLabs. I have some certs. I have done some talks in some places. And maybe the most important here, I'm a TheGoonies CTF player. So you must think about... well, I'm not a leet haxor or a hacker or whatever you can call it. I'm not that guy. So we will see here just the motivation behind what brought me to this area, let's say that.

A lot of you can talk, but you know there are some discussions related to the penetration test or to CTF players, to white hat guys, black hat guys. And one thing that they will say is that the CTF player thinks himself about being an ultra hacker just because he got 100 points on the CTF, the DEF CON CTF or something like that. So that's not the case, you know. What I want to show you, it's much more than this, it's much more than points. Of course technical stuff is the base of everything that we're gonna say here, but I don't want to show you some cutting-edge technique or anything like that. It's just why I got to this area and I got so excited.

So when you're talking about my motivations, you know, after 10 years doing penetration test, things start to get boring, let's put this word. Well, it's all the same.
It's not like all the same. It's a cool job, I love my job, but you know, after 10 years, you got limited time for doing stuff. You usually got the same thing. Well, if you think about it, we got lame passwords, we got some usual unpatched stuff, we got, I don't know, poisoning: in the past we got ARP poisoning, now we got the LLMNR poisoning and stuff. So, you know, it's all basically the same. And if you think about it, as I said, there are those certifications like OSCE or OSCP from Offensive Security. It's good from what we have nowadays, you know, but it's not even close to what the CTF can teach you. So that's why I got this excitement, you know. So that's why I wanted to explain this, to talk about this, because I think a lot of people got some, you know, maybe boring... It's not all the same, even on offensive security, and mostly on penetration test, because on penetration test it's all, not always, but it's very superficial. You know, you don't go much deeper on software exploitation, on finding vulnerabilities by your hand.

So when you got a chance, for example, to try a new technique, I will show you this later, but for example a new vulnerability that came out or a new type of exploitation that somebody just published somewhere else, and you've got the opportunity to test that, that's really great, really great, because you can take these new technologies, new knowledge, and apply it. Because, well, I always say that Einstein said that the only knowledge comes from the experience, and I totally agree. So if you take a book and start reading about overflows, reading about, you know, assembly or whatever, it's not the same, you know. Everybody knows here, I think so. So it's not the same. So when you have the opportunity to test whatever you are learning in a real-life environment, that will change you. That's my best.

So now, one thing very interesting that I would like to say about this.
It's like when I was, maybe 15 years ago or 17 years ago, when I was a teenager, very excited about learning, buying books, etc. This kind of, you know, I use this word a lot today, that's because I don't know any other word that works perfectly in this case, but excitement, you know, to learn. And this is the good thing about it. So you get all this new stuff. It got back, and now I can say that I'm back like I'm 17 years old again. I'm buying books, I'm learning, I'm talking to people, I'm trying to figure out stuff. So this is the cool thing about this. So that's the real motivation behind this talk. It's all that I said now. So I hope you get something and enjoy.

So what do you see here? What is a CTF? Why, but why, right? Why are you gonna play this? Why are you gonna spend a lot of time doing this? Where? How cool is it? How can I start? And of course, I'm gonna show you some stuff. For example, what I'm gonna show you in the technical stuff about it, it's not, as I said, a cutting-edge technique, but it's not very common. So this is the word: it's not common to see. So in an environment that, for example, as me doing a penetration test, I have a lot of stuff to check out before doing something that's new, because I have 60 hours for doing the job. So I have to hack the network before that. I always say that I take a lot of time doing this, and my wife is here to make me not lie. I spend a lot of time, so I try to learn, and all this excitement comes back.

So what is capture the flag? Well, they are hacking games involving a lot of stuff. So basically, in the end you have to find some plain text, a flag, in something: a web or in a system or in an application or hidden in a file. So it's basically like that. They are running some CTF right now, so it's probably like this. So what are the CTFs about?
It's mostly forensics, crypto, web exploitation, reverse engineering and low-level exploitation.

So how do we get started? So these are some CTFs that start very easy, but you see, the cool thing about this, maybe when you want to take a look at this and try the first web application that you are seeing, you see that it's not very usual, because the cool thing about CTF is it's not very straight. Everything is not very straight. So you always have to think out of the box to have an idea of what's going on.

This is probably the main site where you have all information about CTFs. So you have all the CTF organizers, the CTF teams, the write-ups and the scheduling. So if you want to know anything about CTFs, it's there. So you can take a look on CTFtime. Or you can see the team, you can see the score. So the cool thing, you can see all the score, and the score is annual, so you can see who is ahead, who is behind, and which CTFs they are playing, etc. It's an organized site.

So what can you expect in a CTF? New vulnerabilities, as I said. So something that just happened, you see there. Well, we are talking about good CTFs, right? Just to make it clear. So maybe something that's just published, and you see there's a challenge there that is talking about it. So that's the cool thing. However, there are old techniques too. I will talk about this later. So as I said before, there are new techniques.
So maybe a new heap exploitation on Chrome or whatever, they apply it on someone else and you have to use it there. Or there is a new protection of memory, for example. I think I put it on the slide, but for example when Intel put the shadow stack, so it happened, I don't know, maybe last year or something like that, the shadow stack, and you can apply this technique and what the people are doing to bypass this, and apply it in real life.

But old too, and old school. And I said, why old school? Well, in our area, it's very easy to see people trying or wanting to join this offensive security stuff, you know. It's very popular, it's very hyped to be a hacker. So they want to do that. But now, well, when I started 17 years ago, we didn't have so much information. What information we had in the past, it was usually good. Normally it was good. But now you have a lot of people talking about a lot of, you know... So you see a lot of information that maybe bypasses the basics. For example, they don't know the three-way handshake in TCP, but they wanna hack, I don't know, a web browser; they are fuzzing stuff, you know.

So when you learn the basics on low-level exploitation, for example, there is a paper about heap exploitation that's very famous. House of God? House of everything? I forgot the name of the paper, just because I'm nervous, not because I don't know exactly. So this paper was published, and this guy never came up to say that he did this paper. His nickname is fantasma, fantasma, ghost maybe. He's here, maybe. And he didn't put any proof of concept of his techniques, just the techniques, and in the next Phrack someone published the Malloc Des-Maleficarum, right? So in this paper there are PoCs, etc. It's a very nice paper to read.
So if you want to join the low-level exploitation, it's the basics, you know. So that's why old things are cool too, because we need to understand the basics before anything.

So as I said before, new vulnerabilities: last year some vulnerabilities were released in Wget, and one month later or in the same week, I don't know, there was the SECUINSIDE 2016, and there was this vulnerability to exploit. So, you know, you can try. That's the cool thing about it. You just saw the paper, and you can apply your knowledge or try to exploit using this knowledge. That's cool. I was talking about the shadow stack, so in Tokyo Westerns MMA 2016 there was a challenge about this, and it was very nice. You know, so you have all this information that you can get from these challenges and apply and learn.

Well, I put some, let's say, tips here on how to get started on this area, on games. So for getting started with exploitation, you mostly need a web server to monitor requests, and Burp. Well, you can crawl, you can brute force, you can check the requests and responses live, right? So this is a cool thing: headers, etc., cookies. As I said before, I'm not an expert in nothing, but when you're talking about web, we have a lot of stuff to do. And as you see on that exploitation challenge, we must see some restrictions. For example, this is some few challenge during the web exploitation.
So we have restrictions of space, and you can use that. For example, you have remote command execution, but you can use this way to bypass the space filter. You have, well, cross-site scripting. Cross-site scripting is probably the most fun, because there is a lot of stuff that you can do with cross-site scripting, and it's not just for the alert. So when you're doing a penetration test, maybe I just take the proof of concept on alert and it's good to go, you know. But there, if you want to see the flag, you have to go ahead.

SQL, SQL injection. Well, this does not work, sorry. So you need something else, and there are a lot of restrictions too. I didn't put it here, but if you take a look at SQL injection challenges that world is it in the past, you have some idea.

I saw some paper, like, I don't know, last week, about the PayPal compromising in the bug bounty stuff. Did you read that? So basically the guy said that when you see a file upload, a penetration tester always shakes, you know, because something's there. If it's not well configured, something's there. And something's there too in local file inclusion. When I talk about local file inclusion, you are maybe checking dot dot slash, dot dot slash, but the most common thing that you can do with a local file inclusion in a challenge is using PHP wrappers. So this is just for example: this will convert the source code of upload.php and show it encoded in base64, and then you have all the source code. So this is very common to see in a penetration test? No, but in a challenge from CTF.

So what I can say about web exploitation is about this. But of course there is a lot of stuff going on, and if you are involved in, if you like web exploitation and you never played CTF before, you'll love it. Because there are a lot of ways and things to do and things that you learn, and that's the important thing here, that you
learn. And even if you know this stuff, I do say: share. So someone said before, share is caring. Share is care. So this is the stuff. So why not just publish a write-up telling how you did it and share with the community, you know? Somebody else can take this information and learn something from there. So it's not just about learning, but it's about teaching too.

And I have to say, I got started on this area really raw on the low-level exploitation, and I have good friends behind me on the team that I didn't know, but I was invited to the team. I started playing, and two guys were like really rock stars on low-level exploitation, and I really See me it, you know. They helped me a lot. And if you join a team, for example, just for playing or for learning, teaching, whatever you have, it's good to have somebody else to take you in this journey, you know. It's really hard to learn by ourselves, because as I said before, now we have so much information about a lot of stuff, and this makes everything harder because we don't know what information we can trust and how is reading, etc. Everything involves that.

So about reverse engineering, some essential tools. Well, the same there: IDA Pro, basic. I really like Binary Ninja. radare2 is just for elite people. I'm not very used to radare, but of course it is a really powerful tool and really necessary; if you understand that tool, you'll be good. So now, of course, debuggers, etc. I put there OllyDbg, WinDbg, GDB, just to make examples. But one thing that I will say in the final,
it's that we don't have so many Linux, Windows exploitation or reverse. So that's a shame. I forgot the CTF that I was playing before, and someone put a Windows challenge with really high points, and in the description said: don't be afraid of this Windows environment, we put a lot of points just because it's a Windows, you know. And if you take a look at who solved this challenge, just a few teams. Just because, well, we normally have to put up an environment, like, you know, install a new Windows or whatever, so maybe this is an issue for doing the challenge.

And not now, but now it is being very used, is being used a lot: symbolic execution. Well, if you take a look at symbolic execution, it's about running the application with symbolic inputs. So what does it mean? It means that you don't know whatever you are inputting. You're trying to solve constraints in the execution flow. In our case here, this symbolic execution, it's a term that's highly used in software engineering, but it's now being applied a lot on the security. And it's about it. So, no, it's not here. Well, but it's simple. You have to go in a way. You have two ways for going, or maybe ten, or maybe a hundred ways for an execution. So if you open IDA Pro and open an application, you see a lot of jumps, and these jumps go to different places. So what happens if you go there? You can imagine an application where there is, I don't know, maybe a menu, and there's something hidden there, and you have to put a big number or a special word to go into this jump. So this will help you to solve these constraints on the software. We have a lot of frameworks going on, and these two are really awesome. So I'm gonna show you real fast, but if you want to take a look on this later...

So of course reverse engineering is all about assembly. So you have to take a look on data, functions and jumps. So no mystery here. So this is just a sample, right?
Here we have this function that creates a key, and there we have something else, and you never go there in this case. So here the challenge was solved just patching the binary from jump not equal to jump. So a little simple stuff, but in the past this was used a lot in the crack stuff. When you're cracking some software, this is highly used: just patching a jump or one or two and you're good to go. So this was one challenge.

So I wanted to put some sample here. So we're talking about this challenge from Google CTF from last year, Unbreakable. So it's a tool where you have to put the key, the right key there, to generate a valid product key. So you have to put a password or whatever, and then you generate a key for you. So if you put there something like that, you have some failure message, etc. However, if you go here and take a look on the code, so here it's open with Binary Ninja, and if you go ahead you see the function that's called when the activation fails. And then, so note here, we have the function in the end 50, and when this function is called it's because the product was activated successfully. So we have two functions that you can easily see when you disassemble the software.

So here is just a simple code using angr, and this is pretty much all the code that you have to use. So you put find, where you want to be, so where is your thank you, or your case here, and which function you want to avoid. And this is the author. I didn't do this one. So this is the author. So it's pretty much that, you have just a cute.
You say that's an argument, and after this you run the code and you got the key. So you can see that it's very cool, because it just made some twist on the reverse engineering stuff, because you can just put whatever you want and where you want to execute and try to find a way to be there. There's no verbose message here, but when you put that in your code, you see a lot of things, what it's attempting and whatever, just to get to the message.

So this is it. I just wanted to put some sample from using symbolic execution because it's been used a lot. Actually, a plugin that won, like, plug-in of the year from IDA Pro last year was a very cool plug-in using symbolic execution, and it's all click it. I want to hear, I want to hear, make it for me. So it's ridiculous. So if you are interested in reverse engineering, just take a look on these two. I just forgot the name as well. Well, Ponce, that's cool. That's true. So it's Ponce. So take a look if you are curious about it.

So if you want to get started on low-level exploitation, some essential tools. GDB, of course. I always say that the first time that I saw GDB in my life I said, how do people do it? It's like, it's disgusting. You don't have anything. It's very, very hard to see stuff. But now we got a better interface that you can use, GEF, and by the way, this guy that made GEF, he's in our team. He's really awesome. And this tool is really, really awesome. You can monitor requests, for example; it just understands if it can be a use-after-free. It's very cool.
Take a look. And of course, a disassembler as well, in this case Binary Ninja or the other two. If you're not familiar with pwntools and you want to join and want to start with this thing, you should take it. It's a lib for Python where you have a lot of handy stuff for doing software exploitation. It's a numerous, you have a lot of stuff there. So if you want to join low-level exploitation, take a look on this and you'll be happy.

So when you get started, what should you see? Well, first thing, check for which architecture the binary is compiled, if it's 32 or 64 bits. Its security: check if it has PIE, relocation read-only, ASLR. It's always, it's the default, so you always have the libraries being randomized in the memory. It's by default, so I didn't see any challenge that didn't have ASLR enabled. So then you have PIE, you have relocation read-only, you have canaries, and you have NX, non-executable. So non-executable is pretty much in all, but maybe you see in some challenge that it's not enabled. When it's not enabled, it's probably because you have to create some special shellcode for that. You have to be smart, you have to be creative to create your alphanumeric a with 50 bytes or 40 bytes or 30 bytes, I don't know. And that's cool stuff. So when you're checking that, you have an idea of what you're dealing with, and maybe it's all enabled and maybe it's not, maybe it's just one or two, etc.

So what are the inputs? This is very important stuff.
So you should locate where you can put some data. Maybe you have to jump around to get something executed. Maybe you have to combine two inputs to get an overflow, an off-by-one for example. So where you can put the data, it's very important. You of course check the problematic functions before anything. Check if you have a string copy or have an fgets or something like that. Probably the starter problem is there, so you have to take a look. And of course, for dealing with heap, check the memory allocations and see if you are writing data in the same memory allocation or whatever; check what it is doing.

Now we have the stack clash. Are you familiar with the stack clash technique that was launched one month ago? So basically it's when you get the stack overriding by the heap or the other way around. So a very cool paper, by the way.

And keys, of course. This is, well, not common maybe in some entry-level stuff, but maybe to exploit a string copy you have to do some reverse engineering and see that there is a key that you need to put in the first input for getting to the second input, etc.

So about the memory allocation. When you see mostly all the heap challenges, you have to define some length: how many words you put there or how many sub-allocations will be there. So this is very important when you're talking about memory allocations.

So this is another sample that I want to put here. It's a file stream pointer overflow that's found on the Seethefile challenge on pwnable.tw. So this is pwnable stuff. It's open every day. So if you want to join there now, you have a lot of cool challenges there related to low-level exploitation. None was trivial, none; even the first one is not that trivial. So that's cool.
So you see that. If you're familiar with this technique, it's not a very common technique. If you look for this information, if you look for, like, this file stream pointer overflow, you see something there, you know, but only if you know what you're looking for. So for example in this case, well, I'll show you. In this case we have only the non-executable enabled, and the relocation read-only was just partial. So if you're able to overwrite the GOT, the global offset table, you would be able to do it because the relocation read-only, yeah, it's just partial, but it's not the case as well.

So here's the software. It's a very simple software: you can open, read, write to the screen and close, and then you go out. So the first time that I saw that, I saw, well, you can open a file in the system. So if you're familiar with low-level exploitation in modern computers or anything like that, you see that the first thing, when you're not able to write a shellcode or you don't have any space that is executable in memory, is you have to use ROP payloads. So when you use ROP payloads, you need... well, that's not what I would say, but the thing here is that you can open and read any file, and you need a leak from the system to use the library C, for example, when you're talking about the Unix stuff. So you need a leak, you need somewhere that's leaking an address from library C. Then you take the base, and then you find whatever function you want to call, and then exploit.

So in this case, there's a file in the system when the software is running, that is /proc/self, or /proc/ the number of the PID, /maps, and this file leaks the addresses, including the library C. In this case you wouldn't be able to see, the first time, the base address, just because there's a limited number of bytes that's being shown.
However, the file is never closed; when you open that, you have to close. So if you read one more time, you get the second part of these bytes. So the file will be split in, for example, I don't remember, maybe it's 40 bytes. You have like 40 bytes each time that you're reading.

So think about that. I always say that when you solve a challenge, it's very easy after all. After solving it everything is easy; when you're doing it, it's very hard. So keep that in mind, because sometimes you want to show that stuff and you show it very straight. First of all, in a penetration test, when you're showing in your report, you don't really show your attempts. You just show your way for doing it, and maybe somebody that's not related to the area can take a look and say that was easy, you know. He found a Microsoft SQL with SA with no password. Well, you found that, but you found it after scanning, I don't know, maybe 2000 computers, and on a very different port. So that's one thing that you keep in mind after you see the write-up. So whatever you're doing, it's very easy. Trust me, I spent a lot of time on this one.

Then, well, you got that. So I read one time, I read one more time, and then I put it on the screen and then I get the libc base, you know, you can see there. So this is very important. Normally they will provide you the libc that they are using, because the offsets from the functions are different. Or in the other way, they want one day when they want you certainly will know that an address of puts, an address of another function, and the difference between these functions can lead you to discover the library C. So this is one thing.

So then we have the leak. So now we have to find the vulnerability, because in this challenge the leaking was not really the problem, but in most challenges the leaking is part of the problem.
So not in this one. So here we have fscanf, a scanf, and I have fclose there. So we know that scanf, it's dangerous. In this case I can overwrite the fclose argument in this section, in this software. So what can I do from there? So that's the point. This was very easy. If you take a look, you go ahead and open a file, try a billion bytes, and then you really try a billion bytes, you know. Every space that you have to put bytes, put it and try it. So in this case it was in the exit menu. When you put a long input, you overwrite the fclose. So from there, after spending a few days, I mean, I think so, I don't know, I discovered that.

So when you're closing a file, you have a file structure in the memory that contains mostly where the data of the file is and some headers and some stuff from this file, and a lot of stuff. One of these is called _IO_file_jumps. If you take a look in a file structure in memory, you see all this structure, and it's calling in the end the structure _IO_file_jumps. These file jumps, it's a function in library C. So what can you do from there? If we overwrite this function, what do we get? So what should we do? Well, we leaked the library C, so we're good. We know what the library C is, so we find the system. This is the way that you find it. So this is the offset. So this is the library C provided by the challenge, and I try to find system, and this is the number of bytes more that you need; you should do the math after the base of library C. So when you got this, in this case, you can just do the math, just that address plus this address, and you got the system function.

So I create a file structure in memory and I put system as _IO_file_jumps. So here, as we don't have PIE enabled, so, sorry, I keep I can be here. So there it's where the data is. So after you're debugging, you see that this data there will be allocated in memory on this address.
Is that this address? Then we got in the end, instead of the _IO_file_jumps, we have system. So we are calling the system function instead of the file jumps. And in this place normally is the header of the file structure, that starts with 0xfbad00 something. So in this case this data will be allocated exactly on SP plus four bytes. And when you check that, you see.

So what did we do here? We trigger the overflow, and then we can overwrite the address that we will be using in the fclose. So this address is this address, just below the 32 ways. Then we got the file structure. So this is the file structure that you're dealing with, the three last lines, and our file structure sets that our _IO_file_jumps, it's system, and the argument for this is /bin/bash. So in the end you get it executed and you got a shell.

So this is what I was talking about. This information was very helpful to me to understand a lot of stuff. Maybe just giving a talk fast like this, you don't get the point. For me it's not just getting the flag, but it's trying to understand what I don't know, and this was a case like this. I didn't know about this kind of overflow, I didn't know how to exploit this stuff, and I learned.

Some cons about the CTF. Guessing: in a lot of CTFs you have some guessing stuff, so something that's not technical, you have to guess. Well, it's not my thing, and for most of the CTF players too. So that's not the thing I like, and nobody likes, actually. As I said before, 99% of it is Linux for exploitation, so you don't have a chance to deal with this Windows stuff or new attacks and new techniques involving Windows.
So that's a shame. Well, I put it here, self-disappointment, because when you lost 40 hours of your life trying to do something that you can't get, man, it's hard to swallow, you know. But in the end of the day you see that you could learn, you saw a lot of stuff. But this is something that you have, you know, to wait. And sometimes they are very hard, so 72 hours will not be enough for a common guy like me, you know. So that's it.

Lessons learned from here. To me it's about learn, learn, learn, learn. Share is care, so take a look at what you're doing, try to spread your word and share what you learned or what you're doing; that will be helpful for someone. This is pretty geek, but having fun and knowledge. Well, you know, I'm not this kind of very geek guy, you know, this guy. I drink, I smoke, I do a lot of stuff, you know, but I have a lot of fun with CTF. It's really good.

And as I said before, well, I don't know if I put it well, I put here in conclusion that I could go back to my roots, you know, where I came from, why I'm in this area, why I'm doing this. Because in the beginning I was very excited. I wanted to learn, I wanted to do stuff, and then I got a job, you know, you have a family, two kids. Here, do your job, you know, and job's always job. You can have the most fun job in the world; if you have a boss or you have a client, it's a job, you know. In the end of the day, maybe you're not that happy with what you're doing. So when you got this free time and got some space for doing whatever you want to do, it's cool. And in my case, I got back to my roots. I got back to learn, to read, to exploit, to pwn. So that's the thing. Now it's really fun again. And pwn is just pure excitement again. So, you know, we are in a penetration test.
You got, like, you know, the domain administrator, you got everything pwned, you know, and this got me back. That now, when I see a pwnage, you know, really, well, it's beautiful. You have to understand and to see how cool it is, and that made me better on the job as well. So sometimes I was, you know, I have 40 hours and I found this, I found that. And now I have to say, in the last years that I was not playing, and after ten years doing the same thing, I was, like, you know, doing the job. But now the thing is changing, you know. I mean, I'm another person related to that, and that's cool.

So, some resources. CTFtime again; you can check that later. This is a video cast, if you can say, from the captain, the Dragon Sector captain. He shows a lot of good stuff there. So if you want to take a look, mostly on low-level exploitation, these guys are really awesome. We have LiveOverflow. LiveOverflow, it's a little bit superficial, but you can start with it. So this is it. Do you have any questions? Thank you.

Yeah, thank you for this very exciting talk. I guess I know what I'll be doing the next few weekends. Thank you. So now we have about 10 minutes left for some Q&A time. Are there any questions? If there are... Yeah, there's already someone lined up.

If it's okay, a technical question. So when doing binaries, how do you deal with the GDB offsets being different than when running the binary normally? Because, like, let's say I have the address of a variable that's somewhere, but when I load it in GDB locally it's always different.
It has... Oh, yeah, with the name, with the environment variables and so on. When it... With environments, oh, yeah. But when you cannot attach to a running process per se to get the variable's real offsets, it can be problematic when you develop the actual payload.

Oh, yeah, so if I understand your question right, you talk of variables in the environment, for example BASH equals...

No, no, let me rephrase. So when you run a binary normally, everything is at some addresses. Okay, but when you run it in the debugger, the addresses are different, the offsets.

Okay, so there are a few protections, anti-debugging for example. The main protection, that you can attach before the debugging. Or you can use an LD_PRELOAD, for example, and use another library to start your software. For example, if we're talking about Linux, you can create a binary that will be loaded before the software, with LD_PRELOAD, exactly, that will bypass the protection. It's one of them, for example.
This is a very old protection, a very old bypass, by the way. So nowadays I don't really know which other protections there are. In Windows we have a lot of stuff going on and I'm not very familiar. But in Unix I'm not very familiar with other protections, but one way to do it is using LD_PRELOAD. So you compile your binary. If you take a look at LD_PRELOAD bypass debugging stuff, you'll see a lot of binaries that do this job.

Okay, and is it okay to do one more? So for a student who cannot afford an IDA Pro, or, yeah, community edition could work, or Binary Ninja, play games. Is, like, doing just the GDB with radare or PEDA or, I don't know, pointy with you, or what you showed, all right, you think, for, let's say, higher-level CTF?

Yeah, so kept the stream. So, well...

Because the licenses can get quite...

Yeah, well, you have a lot of... I use IDA a lot, but you can use some other. You're talking about Windows stuff?

No, but when you want to do, like, static analysis on something.

So now what you do, you're talking about PE, portable executable, ELF or whatever?

Like any binary that you need to reverse. I'm not sure, like...

Yeah, well, if you're talking about Linux we have Binary Ninja. That's cool, that's awesome, too. I talked just a little bit about this, but there's a lot of plugins and it's in Python and you can write your own, and now you can use symbolic execution, but it's just for PE, ELF. So when you're talking about PE, you're right, the community edition, it's, well, it's not that bad. I don't use many things from the community edition, but yeah, you're right, the plugins that are very cool, you won't be able to use them. But if you're dealing with another... The cool thing about IDA Pro is that it supports a lot of architectures, right?
Supports ARM, supports SNES, so yeah. Unfortunately, there's no way really around. Not that I can say here.

As expected. Cool, thank you.

Any more questions? Please line up at the microphone. Okay, maybe in the meantime I have one question for you. So do you think, or maybe it's already the case, that CTFs will be as popular, as exciting as other e-sports? So if there's a new one published, is there, like, a rush and people refreshing the leaderboards?

Yeah, you know, in Brazil we are having a CTF that's very, very entry level, but they're trying to do some cool stuff, for example for the public. You know, because what's the deal about sport? Because as a CTF player, I just want to play, I don't care. But the excitement for the public is the key for the games going very popular, right? So for example, the guy showed me a CTF in, I don't know, somewhere in Asia, where, you know, they have a lot of explosions. Every player was being recorded, his face, his scream. So it was like, you know, it's like a rock star. I mean, the guy was there playing and everybody was watching, and every time that somebody got a flag, some explosion came out. It was like, very, well... If they could do that, maybe not as popular as soccer, but maybe as popular as Legend of something, League, that I don't know.

Yeah, another YouTube video for me to check out when I get back home. Yeah, somebody else? So thank you guys. Yeah, and thank you again very much.