Thanks again for running this, Stripe. It was quite fun and informative to actually implement some of these exploits rather than just recognize that the possibility for them existed. Every level was instantly recognizable for the weakness that was available to take advantage of, but it sometimes took me hours of effort to write something that exploited it.
I am surely dreaming, but I would love to see a soup-to-nuts blog post series (not necessarily from Stripe) that would take me through every step, the reasoning involved, how to protect against the exploit, creating the C programs on Linux, etc. Something along the lines of the multi-part pokerbot series I remember from a long while ago.
Awesome, guys. I greatly enjoyed being there for the final presentation, especially hearing all of the different ways people had solved the levels. Thanks for publishing the AMIs.
Am I missing somewhere where it says open format? It specifically states they are using Amazon Web Services... It might not be to everyone's taste, but there seems to be this never-ending battle for "I wish they would open source it", "I wish they would make it more open", "I wish they would use the BSD licence instead of GPLv3". It just seems to never end.
It's pretty easy to run an instance for a few minutes while you rsync the whole thing wherever you want. We used AMIs mostly because we ran the CTF itself in AWS and didn't have a great place to store the images otherwise.
Thanks for putting this on and leading me to smashthestack.org. I had looked (admittedly, a shallow look) for a CTF-style game after doing one at a conference last year. These things are crazy addictive to me.