

Run your own CTF: Stripe publishes VM images - ab
https://stripe.com/blog/capture-the-flag-wrap-up

======
janzer
Thanks again for running this Stripe. It was quite fun and informative to
actually implement some of these exploits rather than just recognize the
possibility for it existed. Every level was instantly recognizable for the
weakness that was available to take advantage of, but it sometimes took me
hours of effort to write something that exploited it.

------
ericb
I am surely dreaming, but I would love to see a soup to nuts blog post series
(not necessarily from Stripe) that would take me through every step, the
reasoning involved, how to protect against the exploit, creating the C
programs on linux, etc. Something along the lines of the multi-part pokerbot
series I remember from a long while ago.

Thank-you to Stripe for putting CTF together!

~~~
Getahobby
<https://github.com/dividuum/stripe-ctf> The above was linked to in the
article.

~~~
ericb
Missed that. Thank-you!

------
nathancahill
Awesome guys. I greatly enjoyed being there for the final presentation,
especially hearing all of the different ways people had solved the levels.
Thanks for publishing the AMIs.

------
rwmj
They've got VM images locked into Amazon Web Services. That's not the same as
publishing VM images in an open format.

~~~
thehodge
Am I missing somewhere where it says open format? It specifically states they
are using Amazon web services... It might not be to everyones taste but there
seems to be this never ending battle for "I wish they would open source it",
"I wish they would make it more open", "I wish they would use the BSD licence
instead of GPLv3" it just seems to never end..

~~~
charliesome
I wish they would throw up a flat hdd.img

