Thice Security

Nijverheidsweg 3 009, 1613 DZ Grootebroek, The Netherlands
Thice Security

Posts Categorized / Code

HitB 2015 CTF write ups

04/06/2015 | Code, CTF | by Thice

During the Hack in the Box Amsterdam 2015 conference (28,29 May 2015) we participated for the 3rd time in a row with team Hack.ERS in the CTF game. Once again the team included both me and Gijs from the Eindbazen team and Riley as the 3rd player. Multiple other Eindbazen members organized the CTF just as in the […]

HitB 2014 CTF write ups

23/01/2015 | Code, CTF | by Thice

During the Hack in the Box Amsterdam 2014 conference we participated with the Hack.ERS team of Deloitte in the CTF game. The team included both me and Gijs from the Eindbazen team, while multiple other Eindbazen members organized the CTF. While this might sounds weird it actually meant that the organizing Eindbazen really liked to […]

Eindbazen ebCTF write-ups

21/01/2015 | Code, CTF | by Thice

With the Eindbazen CTF team, we hosted the CTF (ebCTF) during the hackers event OHM2013. To generate some awareness about the CTF and OHM2013 event we also held a Teaser round some time before it. Besides full-filling an organizers role I also created multiple challenges for both the teaser round and the CTF. For the teaser round I created […]

Meaningful MD5 Collisions: Creating executables

19/01/2015 | Code, CTF, Forensics, Malware | by Thice

More than two years ago I worked on meaningful MD5 collisions, especially creating executables files, but I never finished my write up about this until now (hurray for having a sabbatical 😉 ). The idea behind this project was to create multiple executables with the same MD5, but with different behavior. I ended up creating […]

Perl2Exe back to Perl – 64-bit (with x64_dbg)

06/01/2015 | Code, Malware | by Thice

After posting information on my website about the Perl2Exe reversing article I published before, I got a comment with a question on how to perform the same “trick” on 64-bit Perl2Exe executables. Sadly enough at that time there was no free and easy to use 64-bit debugger available to create a similar approach for 64-bit […]

Convert cheap 433Mhz sensors to KaKu/CoCo with an Arduino convertor

24/08/2014 | Code, Hardware, Mods | by Thice

In the past 1,5 year I have been playing a bit with Home Automation (or Domotics / Domotica) systems. I initially bought the HomeWizard, but was pretty disappointed in it. When the HomeWizard domotica system was introduced I expected a lot of it, sadly enough it has not been as great as I hoped and I am currently […]

Perl2Exe back to Perl – 2014

12/08/2014 | Code, Malware | by Thice

Two years ago I published my Perl2Exe back to Perl article in Digital Forensics Magazine, more information can be found in my post here. Since I published this article in a magazine I was not allowed to post it on my own website as well, but since enough time has passed I am now allowed […]

Reverse Engineering Perl2Exe back to Perl

01/08/2012 | Code, Forensics, Malware | by Thice

In the August issue of the Digital Forensics Magazine (DFM) my article on reverse engineering Perl2Exe can be found. The article describes a way to recover the source code of the Perl program back from the executable created with Perl2Exe program. Reverse Engineering PERL2EXE Back to Perl Perl2Exe is a program which converts Perl source […]

Samsung WB650 Video file Scalpel rule

08/10/2011 | Code, Forensics | by Thice

I recently ran into the issue that my new photo-camera (Samsung WB650) somehow decided to erase all the data of my SD card. Since the SD card was filled with a lot of photos and video files I decided to image the SD card and to try to recover my files. The photo files all […]

Creating ACK-GET packets with scapy

06/06/2011 | Code, CTF | by Thice

During the recent Defcon 19 CTF pre-qualifications, one of the challenges included to connect ‘quicker’ to a web server. While figuring out what the solution was for this challenge one of the things I tried was to send the HTTP GET request already in the TCP handshake stage. Sadly enough this had nothing to do […]