STLDoctor 💉

Index 🗄️

  • Service recap
  • Optimization
  • ENOWARS 5
  • Reflection

Refreshing Memories 💾

  • Plaintext service written in C
  • Users upload STL files for parsing
  • Private and public storage (2 flagstores)
    1. Vuln: Deserialization
    2. Vuln: Hash preimage

Since Last Meeting ⏩

  • Performance improvements
  • Added service fluff

Issues 😒

  • Slow search / list operations
  • Enochecker memory leak without patch
  • Engine error on worker restart with patch
  • Logs not showing up in ELK

Solutions 💡

  • Index files with locks for directory listing
  • Refactored checker for asyncio
  • Condensed checker functionality
  • Increase docker-compose log size

ENOWARS 5

OSError 💢

  • Checker throws INTERNAL_ERROR on bad connection
  • Fixed in c97789ad.. of enochecker3

Checker Overload 💥

  • Checker tasks being aborted for every team

Anomaly 👽

Feedback 🤔

    1. flagstore exploited after ~4h (R190)
    2. flagstore not exploited

Conclusion 🎉

  • Relatively good uptime
  • Not too easy / hard
  • Users found vulns interesting
  • No (known) unintended vuln
  • Had a lot of fun

Slow IO 🐌

  • Enumerating files in a directory is expensive
  • Index file per directory containing file names
  • File locks to ensure exclusive writes
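
The index-plus-lock scheme from the bullets above, as an added example (not STLDoctor's own code). The `.index` file name, the function names and the name validation are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

#define INDEX_NAME ".index" /* hypothetical name, not from the slides */

/* Open dir/.index (creating it if absent) and take the given flock(). */
static int index_open(const char *dir, int oflags, int lock)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, INDEX_NAME);
    int fd = (n < 0 || (size_t)n >= sizeof path) ? -1 : open(path, oflags | O_CREAT, 0600);
    if (fd >= 0 && flock(fd, lock) != 0) { close(fd); fd = -1; }
    return fd;
}

/* Record an upload: append its name under an exclusive lock. */
int index_add(const char *dir, const char *name)
{
    char line[257];
    size_t len = strlen(name);
    /* Entries are newline-delimited, so a name must not be able to forge one. */
    if (len == 0 || len > 255 || strchr(name, '\n') || strchr(name, '/')) return -1;
    memcpy(line, name, len);
    line[len++] = '\n';
    int fd = index_open(dir, O_WRONLY | O_APPEND, LOCK_EX);
    if (fd < 0) return -1;
    int ok = write(fd, line, len) == (ssize_t)len; /* one write per entry */
    close(fd); /* closing the descriptor releases the lock */
    return ok ? 0 : -1;
}

/* List without readdir(): copy the index to out_fd (skipped if out_fd < 0)
 * under a shared lock and return the number of entries, or -1 on error. */
int index_list(const char *dir, int out_fd)
{
    char buf[4096];
    ssize_t n;
    int count = 0, fd = index_open(dir, O_RDONLY, LOCK_SH);
    if (fd < 0) return -1;
    while ((n = read(fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++) count += buf[i] == '\n';
        if (out_fd >= 0 && write(out_fd, buf, (size_t)n) != n) { n = -1; break; }
    }
    close(fd);
    return n < 0 ? -1 : count;
}
```

Readers take `LOCK_SH`, so concurrent listings do not block each other, while an upload holding `LOCK_EX` cannot interleave with a listing in progress.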

Investigating readdir(..) 🔍

__readdir(..):

Investigating readdir(..) 🔍

__get_dir_entries(..):
