Writeup for
#QEMU
VM Escape found by our team member
@vishnudevtj
:
In the writeup, Vishnu describes how he found and exploited CVE-2019-14378 that was a pointer miscalculation bug in network backend of QEMU to get code execution!
#Exploitation
Our team stood at the first position for the second consecutive year in the Braindead CTF organised at
@nullcon
!
Also, girls from our team participated as
#TeamShakti
in
@Winja_CTF
and finished first!
Thank you for organising both CTFs at
#NullconDasham
See you all next year!
Team bi0s secured first position in Battle Underground CTF hosted as a part of Nullcon International Security Conference, Goa 2018.
Thank you Salesforce India for sponsoring the prizes.
@nullcon
@null0x00
@salesforce
#nullcon
#nullcon2018
We finished 3rd among 585 teams in
@asisctf
organised internationally this past weekend! Thank you
@asisctf
for organising this CTF!
Also, congratulations for
@DefConUA
and
@TokyoWesterns
for securing 1st and 2nd place respectively! It was a tough battle for the top places ;)
Yesterday, our team participated in onsite finals in Da Nang, Vietnam and finished as the first runner up, winning a cash prize of $1000.
Congrats to ACEBEAR for winning &
@fluxfingers
for finishing as second runner up!
We sincerely thank the organisers for the whole event!
We won the ISITDTU CTF Qualifiers 2019 internationally among 327 other academic and professional teams!
We have hence qualified for the Finals that will be held in Vietnam!
Looking forward to seeing other qualified teams there 😃
Thanks to organisers for this CTF!
InCTF 2019 saw our Hardware team make a Star Wars-themed IoT Badge for the finals. It turned out to be a huge success.
We have written about our experience designing the badge as a blog post:
#BadgeLife
#InCTF
#InCTFj
#CTF
Two of the core members of our team:
@gkgkrishna33
and
@jkrshnmenon
are starting their PhDs at SEFCOM lab,
@ASU
under Dr. Tiffany Bao, Dr. Yan, Dr. Adam Doupe & Dr. Ruoyu Wang!
We thank them for their massive contribution to the team & wish them luck for their future endeavours!
Our DFIR team won first prize in The International Digital Forensics Challenge (DFC) 2023, organized by
@KIISC_DFR
@Azr43lKn1ght
,
@5h4rrK
,
@sp3p3x
and
@j0hith
were invited to present at the DFRF ceremony in Seoul, South Korea.
Thank you
@KIISC_DFR
for this opportunity.
Our team's performance statistics of the year 2020.
We finished 35th worldwide, and 1st in India for the 5th consecutive year.
We finished Top 10 in 12 CTFs this year. Noteworthy performances include securing 1st in IJCTF, 2nd in Byte Bandits, 4th in FwordCTF, etc.
(1/5)
#CTF
Two of our members
@Tr3x__
and
@akulpillai
successfully completed their Google Summer of Code 2019 with the
@netbsd
! They both were involved in separate projects to fuzz the NetBSD kernel. (1/3)
We finished 15th internationally in DefenitCTF which was conducted this weekend. We thank
@Defenit1
for the really good challenges.
#CTF
#cybersecurity
In the
@nullcon
CTF organised this past weekend, our team secured the third position globally!
The CTF had a lot of interesting challenges & we surely had fun solving them! Thank you for the great CTF!
Looking forward to seeing you all in
@nullcon
Goa 2019 ;)
We are announcing IndiaSec -- a slack forum for all Indians interested in different fields of security to join, discuss and share knowledge!
We are doing this to raise Cyber Security awareness among Indians. Anyone interested is free to join!
Join here:
We finished 5th globally in the Decompetition CTF organised by
@shellphish
! Thank you for the great set of challenges.
scoreboard:
#CTF
#cybersecurity
2019 was a spectacular year for us. We finished 21st worldwide, our best ranking ever and 1st in India for the 4th consecutive year.
We finished Top 10 in 12 CTFs this year. Noteworthy performances include securing 1st in ISITDTU CTF, 3rd in
@asisctf
etc..
#ctf
#Cybersercurity
Introducing Wall of Shame, a framework written by one of our team members,
@theevilsyn
, for disclosing sensitive information like user credentials and device details using Hak5 devices.
Link:
#cybersecurity
#infosec
#mitm
#hak5
We had a whoping 908 teams registered among which 144 team has acquired a place in the scoreboard but there can only be three winners.Congratulations to the winners for IJCTF
#1
@teambi0s
#2
misc
#3
zer0pts Hold your horses until next year may we meet again.
.
@Tr3x__
of our team delivered a talk on
#day3
in the fuzzing track of
@nullcon
where he talked about Coverage Guided Fuzzing,
#syzkaller
, and results the
@netbsd
community got after porting syzkaller to NetBSD recently :)
We finished 7th globally and 1st nationally in
@CSAW_NYUTandon
CTF organised online last weekend, among 1301 academic and international teams!
Taking this opportunity to invite all teams to participate in
@InCTF
International this weekend. Register here:
TeamShakti(
@teamshakti06
) The all-girls CTF team from India are organizing their first ever online CTF on 4th Dec 2020.
To stay up-to-date with the CTF please fill out:
#CTF
#cybersecurity
#ShaktiCTF
bi0sCTF 2022 is officially over!
Congrats to the winners:
🥇
@thehackerscrew1
🥈
@idekCTF
🥉SKSD
We hope you enjoyed the challenges, and hope to see everyone again later this year for bi0sCTF 2023!
Please do leave your feedback at .
#ctf
#bi0sctf
#bi0sctf
2024 has officially ended!
Congrats to the winners:
1.
@thehackerscrew1
2.
@r3kapig
3.
@FlatNetworkOrg
We hope you enjoyed the challenges this edition, and hope to see everyone again for bi0sCTF 2025!
Please do leave your feedback at
Last month our members -
@TarunkantG
@__c3rb3ru5__
&
@gkgkrishna33
found three bugs in
@backdropcms
, one of them being a critical RCE & other two being moderately critical XSS's.
Three CVEs have been assigned: CVE-2019-14769, 14770 & 14771! Congratulations guys!
2021 was another tough and challenging year.
We acted proactively through the chain-reaction of unprecedented events of the continuing pandemic, improving the team spirit and culture, ending the year with prodigious achievements, insights and progress.
We finished 8th globally in the recently concluded Aero CTF organized by
@AeroCTF
. Thank you for the great set of challenges.
Scoreboard:
#CTF
#cybersecurity
Here we go! My first VM Escape in qemu with default configuration. Will publish the exploit and more details when its fixed. Thanks
@renorobertr
@Th3_M3nt0r
and
@teambi0s
for the inspiration and support !
2018
@CTFtime
rankings are out!
We finished
#1
in India for the third consecutive year,
#35
globally,
#13
globally among academic teams!
Global rankings:
We improved and learned a lot this year, and hope that we improve and learn more in 2019!
The registrations of InCTF Internationals 2021 are NOW OPEN!
Please register at .
Please join our discord server -
CTF goes live on 13 Aug. 2021, 13:30 UTC and runs for 48hrs.
#CTF
#InCTFi
#cybersecurity
#infosec
Our members
@TarunkantG
&
@__c3rb3ru5__
did a small research in which they created a fuzzing tool that found new functions to bypass PHP disable_functions & can also tell how strong your disable_functions is.
Full report:
Tool:
Blast off in 3..2.. err.. 1577503800! We cannot wait for InCTF'19 and pretty sure you cannot too! Here is a sneak peek at the goodies.
Do you want to know which one you're gonna get? Come and find out!
#InCTF
#InCTF19
#InCTFj
#cybersecurity
#infosec
We finished 14th internationally among 747 teams in the recently concluded HackTM CTF Quals. Thanks to
@WreckTheLine
for the challenges. We have published the writeups for some of the challenges.
Check out our blog:
#CTF
#HackTM_CTF
#Cybersecurity
<3
@vishnudevtj
, a member of our pwning team and currently pursuing his third year of undergraduate studies, found a VM Escape in qemu last week :)
More details will be coming after full responsible disclosure!
#ZeroDay
Here we go! My first VM Escape in qemu with default configuration. Will publish the exploit and more details when its fixed. Thanks
@renorobertr
@Th3_M3nt0r
and
@teambi0s
for the inspiration and support !
Our member
@ashutosha_
presented a talk on "Security Analysis of E2EE in chat applications" and teamshakti members
@rudyerudite
and
@_nsg_99
conducted a workshop on "Intro to the Dark Arts" for beginners in CTFs at
@bsidesdelhi
2019.
This past weekend we participated in
#De1CTF
organised by De1ta CTF team and finished 10th among 724 teams worldwide! Thanks for the great CTF, we had a lot of fun!
#CTF
We finished 11th Globally and 1st in the CSAW India region, in the recently concluded CSAW Quals 2021 organized by
@CSAW_NYUTandon
. Thank you for the CTF!
#CTF
#Cybersecurity
teambi0s at nullcon, it was a great experience for all of us especially for the first years who got an opportunity to attend an International Conference.
We also won an Xbox to unwind during CTFs! ;)
@nullcon
@null0x00
#nullcon
#Nullcon2018
#infosec
Our members Adithya (
@amun_rha
) and Rohit (
@Lu513n
) won the Dome CTF organized at
@_c0c0n_
.
The team came first before 64 teams and received a cash prize of ₹ 1 lakh at the ceremony held on September 24th.
We thank
@Th3_M3nt0r
for his constant and everlasting support!
We are excited to announce bi0s meetup that will be organised at Amrita Vishwa Vidyapeetham, Bengaluru on 8th February! The primary focus is to promote security education and awareness. The meetup is open and free for all! More information at .
We finished 2nd locally and 11th globally in the
@hack_lu
CTF among 973 academic and professional teams. Thanks to
@fluxfingers
for the nice challenges. Can't wait to get our hands on the prizes ;)
Of course we also had a bunch of local teams playing. While attending the conference they achieved some quite competitive results. Our local winners are:
1.
@FlatNetworkOrg
2.
@teambi0s
3.
@We_0wn_Y0u
Great job! See you at the award ceremony at 5:00pm
We stood 13th globally and 1st onsite in
@hack_lu
CTF (thanks to
@GeethnaTk
for being there)! We are learning and improving! Yay!
Thanks to the organisers for putting up the CTF! One tip: don't put steg0 like challenges again lol!
Our onsite winners are: To bi0s, Cyber Pig Security and pollypocket.
We will have the prize ceremony later this afternoon.
Sponsored by
@Telindustelecom
.
#Hacklu
#ctf
InCTF Internationals 2021 has come to an end.
Congratulations to
@pb_ctf
,
@SuperGuesser
, C4T BuT S4D for securing the top 3 spots, and congratulations to all other top teams!
Hoping to see you all next year as well!
Do rate us at:
#CTF
#InCTFi
We're excited for a bigger and better version of InCTF Internationals!
We have better quality level challenges this year, with some new additions such as Browser and Kernel Exploitation ;)
Join us for the CTF!
Registrations for InCTF Internationals are now up: !
CTF starts on 21st September 0200 UTC and runs for 48 hours! Get ready for some high quality challenges!
Details of the event:
#CTF
#InCTFi
#InCTFi19
Members of our team
@sherl0ck__
@slashb4sh
published a detailed write-up of the kernel pwn challenge "p4fmt" from CONFidence teaser CTF organised by
@p4_team
:
Thanks for the great CTF!
Last week, our team participated in the BSidesSF CTF and finished as runner ups!
We sincerely thank the organizers for the putting up the CTF and for the whole event!
#BSidesSF
@0xb0bb
Don't miss the episode later today at 17:00 UTC: . We have a great competitor line-up consisting of: peace-maker, NotDeGhost,
@vishnudevtj
and
@__spq__
Who will be the first one to solve today's tricky pwnable
#CTF
challenge?
Our team member
@_abhiramkumar
conducted a one-day workshop on Memory Forensics at MEC DEV Conference, Kochi last week. Slides from the workshop by Abhiram:
I had a wonderful time conducting the workshop on Memory Forensics at MEC DEV Conference
@mecdevcom
on July 26th✌️. I had a lot of fun💥. If anyone is interested, the following is the link to the slides I made for the workshop.
#DFIR
#cybersecurity
#HappyIndependence
Day, India! 🇮🇳🇮🇳
We as a country, have come a long way and we still have plenty more to go.
Same is the case, here at InCTF Internationals.
With almost 7 hours to the finish line, it's still anyone's game!
#CTF
#InCTFi
Looking back on 2022, it's time to reflect on another year of overcoming obstacles and achieving great things in the field of cybersecurity by team bi0s and its members
Check out our Year in Review blog post
#cybersecurity
#ctf
Looking for hardcore and interesting CTF challenges?
Linux kernel & Safari browser exploitation.
Applied Elliptic curves & ECDSA forgery.
Hardcore Linux/Windows reversing.
Computer forensics.
Network Pentesting.
Oh, you like them? Register at - LIVE NOW!
Exciting news!
Registration for bi0sCTF 2024 is officially OPEN! Join us in the ultimate cyber battleground. Don't miss out on the action, sign up now at
#bi0sctf
#CTF
#CyberSecurity
Don't miss out on the fun!
#bi0sCTF
is starting in just 24 hours. We invite you to register at and showcase your skills for a chance to win one of the following prizes:
- 1st place - $300
- 2nd place - $200
- 3rd place - $100
#ctf
#cybersecurity
.
@teambi0s
alumni
@jkrshnmenon
discovered his first CVE and it has been classified as "CRITICAL" on NVD:
He discovered this vuln while working on a research project with Prof. Christophe Hauser. Looking forward to a blog post detailing the same! ;)
Exciting news! Registration for
#bi0sCTF
2022 is officially open! Get ready to put your hacking skills to the test and compete against the best in the industry. Don't miss out - sign up now at
#cybersecurity
#ctf
Our team member
@_1nt3rc3pt0r_
discovered medium severity bug at config-handler which is vulnerable to Prototype Pollution when loading config files. Got assigned with CVE-2021-23448.
More details:
#CVE
#infosec
#CyberSecurity
Our member
@YadhuKrishna_
found a high severity bug that allows the attacker to perform sensitive actions and was assigned CVE-2021-23404 for his first bug in SQLite-Web.
#CVE
#SQLite
#CyberSecurity
InCTF National Edition: A beginner friendly talent hunt contest is back with its 9th edition! Top performers @ finals get a chance to win prizes up to INR90k and an opportunity to work/intern for Cognizant/VMWare.
For more details and registrations visit:
Our member
@vishnudevtj
found vulnerabilities in popular software like QEMU, VirtualBox, FreeBSD and got assigned with CVE-2020-7039, CVE-2020-2929, CVE-2020-7454, CVE-2020-7455.
#cybersecurity
#0day
We stood 12th across the world in CSAW CTF Quals 2018! Thoroughly enjoyed playing the CTF this year, thanks to great set of challenges by
@osirislab
and close competition between teams. Looking forward to CSAW CTF Finals 2018!
48-hour Quals is officially done. Nicely done,
@osirislab
!
#CTF
scoreboard is frozen. Thank you so much to all the teams who participated this weekend. Check out the scores here: . Official announcement of Finalists will be posted in early October.
Any flag could change the game.
We are back with InCTF Internationals 2021 and we'll go live at 13:30 UTC on August 13!🗓️
Mark your calendars, fire up your hacker brains, and get ready to hack!
Registrations will start 1 week before the
#CTF
#infosec
We ended this spectacular year conducting
@InCTF
nationals and
@InCTFj
in a grand fashion for promoting cybersecurity in India. Bring it on, 2020!!
#InCTF
#InCTFj
#ctf
We played
@umdcsec
's UMD CTF over the weekend. And got overall 5th place, and 3rd Place in the Open Division! Thank you for putting up fun challenges and conducting this CTF
@umdcsec
Our team members
@L0xm1_07
and
@k1n0r4
presented a talk at
@dc0471
Meetup on 04-11-2023 on the topic Evading Threat Defence: Choose the path less taken for fun and profit.