Binary exploitation
BornHack network
'___' Considered Harmful
DuckDuckType
Sounds of the internet
100

The vulnerability class and responsible line number in this code:

 0 #define MAX_NAME_LEN 50
 1 typedef struct {
 2   char name[MAX_NAME_LEN];
 3   int room_number;
 4 } Hacker;
 5 void add_hacker(Hacker *guest) {
 6   char buffer[64];
 7   printf("Enter guest name: ");
 8   fgets(buffer, sizeof(buffer), stdin);
 9   buffer[strcspn(buffer, "\n")] = '\0';
10   strcpy(guest->name, buffer);
11   printf("Hacker guest %s added to room %d.\n", guest->name, guest->room_number);
12 }
13 int main() {
14   Hacker guest;
15   guest.room_number = 1337;
16   printf("Welcome to the Hacker Hotel Booking System\n");
17   add_hacker(&guest);
18   printf("Thank you for booking with us, %s!\n", guest.name);
19   return 0;
20 }

What is buffer overflow at line 10?

100

151.216.32.0/21

What is the BornHack legacy network prefix / the BornHack IPv4?

100

"I discovered why the use of BLANK has such disastrous effects, and I became convinced that the BLANK should be abolished from all "higher level" programming languages (i.e. everything except, perhaps, plain machine code)."

What is Goto Statement Considered Harmful?

100

def f(xs: list[BLANK]) -> int:
    s = 0
    for x in xs:
        s += x
    return s

What is int?

100

What is Nyanyanyanyanyanyanya! / Nyan Cat?

200

An exploit mitigation technique first pioneered by OpenBSD in 2003. Microsoft implemented the same in Windows under a different name a year later.

What is W^X (Write xor Execute)?

200

151.216.36.2 151.216.36.53 2001:678:9ec:36::2

What are the on-site DNS nameservers, resolvers - handed out by DHCP?

200

"When you choose BLANK you get:

- an entire copy of Chromium you'll be shipping with your app

- An interface that looks and feels nothing like the rest of the user's OS

- One of the slowest, least memory efficient, and most inelegant GUI application platforms out there (remember, we tolerate frontend web development because we have no choice, not because it is by any means good)."

What is Electron Considered Harmful?

200

def f(x: BLANK):
    return x[3] * 3

What is str?

(The str type can be both indexed and multiplied.)

200

What is Friday by Rebecca Black?

300

An exploit developed by NSA and leaked by Shadow Brokers in 2017, targeting a buffer overflow vulnerability in the Microsoft Windows SMBv1 server. The same vulnerability was then used by the WannaCry ransomware, threatening a global IT outage long before CrowdStrike.

What is Eternal Blue?

300

42541

What is the ASN for the Fiberby uplink?

300

"The answer is "No." Such a modification confuses what cat's job is - concatenating files - with what it happens to do in a common special case - showing a file on the terminal"

What is Cat -v Considered Harmful?

300

def f(g: Callable[[int], BLANK]) -> BLANK:
    return g(5) + 5j

What is complex?

300

What is Harlem Shake?

400

An exploit mitigation technique which involves adding small random values on the stack before the return address. If the values change, it can indicate that a buffer overflow might have rewritten the stack, and the program will terminate, preventing attempts to overwrite the return address and execute arbitrary code.

What are stack cookies / stack canaries?

400

240

What is the model number of the BornHack router?

(Juniper MX240)

400

"It often seems that BLANK get written simply because an author can't think of a better way to express his point of view. This is a sad commentary on both the authors in question and the level of debate most often present in our societies."

What is “Considered Harmful” Essays Considered Harmful?

400

if random.random() < 0.5:
    bool = list[str]
else:
    list = bool

def f() -> BLANK:
    return ["hello", "bornhack"]

What is bool?

(mypy analyzes all branches when type checking.)

400

What is Diggy Diggy Hole / Yogscast?

500

The vulnerability class and responsible line number in this code:

 0 born resb 4
 1 hack resd 1
 2 mov eax, 3
 3 mov ebx, 0
 4 mov ecx, born
 5 mov edx, 4
 6 int 0x80
 7 mov eax, [born]
 8 sub eax, '0'
 9 mov [hack], eax
10 mov ebx, 0x7FFFFFFF
11 add [hack], ebx
12 mov eax, 1
13 xor ebx, ebx
14 int 0x80

What is integer overflow at line 11?

500

2a09:94c4:55d1:7682:162::1

What is the IPv6 address of www.bornhack.dk?

500

"When I first heard about BLANK in python, I thought it sounded like a great idea, and should be adopted by everyone immediately! After all, it fixes inheritance diamonds, makes you not have to encode the superclass name into every call, and lets you use the same structure to call superclass methods as methods on another class. However, after poking around with it a bit, I now feel that people should generally avoid it. It really is the "right thing", but it just doesn't seem to work in Python."

What is Python's super() Considered Harmful?

500

@overload
def f(x: int) -> BLANK: ...
@overload
def f(x: int, y: int) -> int: ...

def f(x: int, y: Optional[int] = None) -> BLANK:
    return x * 0.5 if y is None else x + y

What is float?

(Usually you would need to write Union[BLANK, int] here, but int is "duck type compatible" with float and complex, and float is the shorter of those two.)

500

What is Yes - Roundabout / To Be Continued / JoJo's Bizarre Adventure?