From 6a321759f6f75e7e14a29fde7cd0fa359d14215e Mon Sep 17 00:00:00 2001
From: Louis Burda <quent.burda@gmail.com>
Date: Wed, 21 Jul 2021 19:37:15 +0200
Subject: final tweaks to documentations, added intro and final presentation
 slides

---
 documentation/slides/slides.md | 184 -----------------------------------------
 1 file changed, 184 deletions(-)
 delete mode 100644 documentation/slides/slides.md

(limited to 'documentation/slides/slides.md')

diff --git a/documentation/slides/slides.md b/documentation/slides/slides.md
deleted file mode 100644
index 48e3447..0000000
--- a/documentation/slides/slides.md
+++ /dev/null
@@ -1,184 +0,0 @@
-title: STLDoctor
-output: index.html
-controls: false
-
---
-
-<style>
-
-.footnote {
-	font-size: 16pt;
-	position: absolute;
-	color: gray;
-	bottom: 0px;
-	right: 0px;
-}
-
-.slide-content {
-	position: relative;
-}
-
-.slide-content > ul >li {
-	padding: 7px 0px;
-}
-
-.slide-content > p > img {
-	width: 100%;
-}
-
-</style>
-
---
-
-# STLDoctor 💉
-
---
-
-### The Plan 💡
-
-<!-- Familiar with C and wondered about non-standard
-     buffer-/integer overflow C bugs -->
-<!-- Plaintext file inspection service -->
-<!-- Interesting and realisitic bugs -->
-<!-- Written in C -->
-<!-- Have to combine 'gadgets' for exploit, but
-     as a logic bug, not RCE -->
-- Plaintext service
-- Interesting C bugs
-- Exploit logic bugs, not RCE
-- Learn about the STL format
-
-<img style="width: 240px !important; transform: rotate(90deg); height: 240px; position:absolute; top:150px; right:70px;" src="https://upload.wikimedia.org/wikipedia/commons/9/9b/STL_sample_2.png">
-
---
-
-### Setup 🔧
-
-- C binary that communicates via `stdin` and `stdout`
-- Networking abstracted through hosting with `socat`
-- File system backend with periodic clean up
-
-![socat](media/socat.gif)
-
---
-
-### Functionality 🎮
-
-<!-- file system backend separates user accounts and stl files location for non-guests -->
-<!-- guest account files can be downloaded by knowing their modelname,
-     premium account files can only be downloaded by authenticated users -->
-
-- Users can upload and search for files
-- Register to upload private files
-- Uploaded files are analyzed and information is returned to the user
-
----
-
-<!-- Sample interaction demonstrating how you would retrieve a file you uploaded -->
-
-![FileSearch](media/search.gif)
-
---
-
-### 1. Vuln 💉
-
-- Flags are stored in the solidname of the STL
-- Bug in upload info file parsing allows attacker to retrieve any public file
-
---
-
-### 2. Vuln 💉
-
-- Flags are stored in the solidname of a private file
-- Buffer overflow in hash function allows enumeration of private user hashes
-- Generate preimages of weak hash function to login as users
-
---
-
-### Goals Met 🎉
-
-<!-- dont need to be an expert at fancy exploitation to exploit,
-     just basic knowledge of C and testing code snippets to see
-     if they do what you expect them to in different cases -->
-
-⭐ Plaintext file inspection service <br>
-⭐ Interesting and realisitic bugs <br>
-⭐ Combine different gadgets for exploit <br>
-⭐ Don't need to be an expert at fancy ROP <br>
-⭐ No SLA lost in TestCTF <br>
-⭐ Written in C
-
---
-
-### Issues 📉
-
-<!-- Currently, the exploits dont require you to understand the
-	STL file format, however, to make sure that the service
-	is working correctly, you need to inspect the code -->
-
-<!-- Still considering encoding of flags as STL, but want to
-	avoid -->
-
-💥 Exploits not directly related to STL format <br>
-💥 (Eno)checker has memory leaks
-
---
-
-### Lesssons Learned 
-
-<!-- from the feedback I gathered, that not a lot of people write C code
-     often, but this also means it is a great opportunity for learning
-     something new. -->
-
-- Many exploits are not suited for A/D ctfs
-- How to write a FSM format parser
-- Be careful with casts in C
-- People just *love* C services 🤡
-
---
-
---
-
---
-
-# Exploit 1
-
---
-
-![exploit-1-1](media/exploit-1-1.png)
-
---
-
-![exploit-1-2](media/exploit-1-2.png)
-
---
-
-![exploit-1-3](media/exploit-1-3.png)
-
---
-
-![exploit-1-4](media/exploit-1-4.png)
-
---
-
-![exploit-1-5](media/exploit-1-5.png)
-
---
-
-# Exploit 2
-
---
-
-![exploit-2-1](media/exploit-2-1.png)
-
-
-
-<script>
-	// var slide_headers = document.querySelectorAll(".slide-content > h3");
-	// for (var i = 0; i < slide_headers.length; i++) {
-	// 	var img = document.createElement('img')
-	// 	img.src = "logo.png";
-	// 	img.style = "height: 2.4ex; padding-right: 10px; float:right";
-	// 	slide_headers[i].append(img);
-	// }
-</script>
-- 
cgit v1.2.3-71-gd317