Wednesday, December 17, 2014

Lego Mindstorms NXT Autonomous Navigation Tutorial UPDATE

In my previous post regarding autonomous navigation for the Lego Mindstorms NXT, I linked a youtube video series about how I planned on implementing it. While the video series is yet to come, the full code for the autonomous driving is available on GitHub:

Autonomous NXT GitHub

Tuesday, December 16, 2014

Slight, yet Important Change to Williams Parallel Quicksort Algorithm

Upon reading Anthony Williams' excellent book on concurrency and mutlithreaded programming in C++, C++ Concurrency In Action, I wanted to take a step further in analyzing the parallel quicksort algorithm used and developed throughout the chapters that is later even given the finishing touch by submitting work to a thread-pool.

Monday, November 24, 2014

Buffer Overflow Exploit : picoCTF 2014 Best_Shell Writeup

This shell is super useful! See if you can get the flag! The binary can be found at /home/best_shell/ on the shell server. The source can be downloaded here."  -- problem definition

This was perhaps one of the most straightforward problems to solve this year, yet was worth 160 points! We're given a relatively short problem statement and some code to analyze. Here it is:

Saturday, November 22, 2014

XSS Attack : Exploring picoCTF 2014 secure_page_service

"The bad guys have hidden their access codes on an anonymous secure page service. Our intelligence tells us that the codes was posted on a page with id 43440b22864b30a0098f034eaf940730ca211a55, but unfortunately it's protected by a password, and only site moderators can view the post without the password. Can you help us recover the codes?"  - problem definition

This year, picoCTF had a problem worth 100 points, titled "secure_page_service" which seemed to be a primitive "facebook" style service where you can share posts, view other posts, and even flag other posts for moderation (Which is quite important!).

Monday, November 17, 2014

picoCTF 2014 SQL Injection 1 Writeup

In this series pf writeups we'll be dissecting SQL injections to solve picoCTF challenges. There will be a total of 4 articles in this series, with each one going a bit more in depth and using different SQL injection techniques to exploit vulnerabilities present on the problem webpages.

Sunday, November 16, 2014

Anatomy of an ROP Attack: Case Study

In this article, we will learn the fundamentals of Return Oriented Programming (ROP) while dissecting a picoCTF problem regarding ROP. This will serve primarily as a primer/introduction to ROP, while the next article (ROP4 Writeup) will be a continued application of ROP to yet another problem. So let's begin by examining what is ROP, and why are we even using it?

Saturday, August 16, 2014

Surviving a Kidnapping : Particle Filter Style

In this article we will see how particle filters when used in Mobile Robot Localization, such as in Sequential Monte Carlo,  can be implemented to be versatile enough to handle a robot kidnapping -- that is , a robot being randomly removed from its track. This has several applications in real robotics as well as in competitive robotics, such as robot soccer where the robot soccer players are frequently picked up and moved around by humans. In a real robotic application, this can be applied to robots such as underwater autonomous vehicles that can be swept away by a strong ocean current or an animal. These random motions can throw off the strong particles in a filter and ultimately lead to localization failure, because no particles in the distribution agrees with the sensor measurements and motions of the actual robot.