Writeup: FaustCTF 2018: Jodlgang Student: Markus Vogl Team: - - PowerPoint PPT Presentation

▶

Feb 25, 2024 569 likes •767 views

Writeup: FaustCTF 2018: Jodlgang Student: Markus Vogl Team: SIGFLAG.at Uni: JKU Linz Institute: Institute for Network and Security Sponsor:VACE Overview 01 Application Overview 02 Problem analysis 03 Machine Learning: VGG16 04 The

SLIDE 1

Writeup: FaustCTF 2018: Jodlgang

Student: Markus Vogl Team: SIGFLAG.at Uni: JKU Linz Institute: Institute for Network and Security Sponsor:VACE

SLIDE 2

Overview

01 Application Overview 02 Problem analysis 03 Machine Learning: VGG16 04 The stupid solution 05 The smart solution

SLIDE 3

1. Application Overview

SLIDE 4

1. Application Overview
UWSGI: Web Server Gateway Interface
Django Webapp on port 8000
Bootstrap CSS + JS + html templates
Virtual python env + separate user
No easy cross service attacks
SQLite DB
Tensorwow
Numpy implementation of Tensorflow
500MB .h5 pretrained model

SLIDE 5

1. Application Overview: Database

SLIDE 6

2. Problem analysis: backends.py

SLIDE 7

2. Problem analysis
Login with one of of 530 known emails
“Password” is an image

– Must be (cnn.input_width * cnn.input_width * 3) – So: 224 x 224 x 3 = square RGB

Cnn.inference(face)

– Argmax – must be >0.5

SLIDE 8

2. Problem Analysis: Model

SLIDE 9

2. Problem Analysis: Model #2

SLIDE 10

SLIDE 11

Wait a second….

SLIDE 12

3. Machine Learning: VGG

SLIDE 13

3. Machine Learning: Softmax

SLIDE 14

3. ML – The softmax issue
Does this mean….

F i l e : p

a t

j p g U s e r : H e l e n a D ö r i n g P r

: . 6 3 F i l e : b i t c

n e c t _ d u d e . j p g U s e r : M a r l e n e S c h u s t e r P r

: . 5 1 F i l e : t r u m p . j p g U s e r : P a u l a H a h n P r

: . 9 9 F i l e : b i t c

n . j p g U s e r : P i a I n g e r f u r t h P r

: . 3 5

SLIDE 15

3. Machine Learning: CelebA Dataset
Right: User: Theo-Fuchs.jpg from

network traffic (user 60)

Bottom: CelebA

– 200k images – 10k identities – 178 × 218 px

SLIDE 16

4. The stupid solution

1.Take random CelebA image 2.Feed it to pretrained model 3.Get classifications → Same for every team 4.If max(classifications) > 50% → JACKPOT 5.Save as id = argmax(classifications) 6.Repeat on many computers, merge images 7.Try every image-ID on every team, because you forget Theo is #60 and you are team #60 Now they dump your traffic and reuse your images

SLIDE 17

4. The stupid solution: Code

Writeup: FaustCTF 2018: Jodlgang Student: Markus Vogl Team: - - PowerPoint PPT Presentation

Writeup: FaustCTF 2018: Jodlgang

Overview

01 Application Overview 02 Problem analysis 03 Machine Learning: VGG16 04 The stupid solution 05 The smart solution

– Must be (cnn.input_width * cnn.input_width * 3) – So: 224 x 224 x 3 = square RGB

– Argmax – must be >0.5

Wait a second….

F i l e : p

a t

j p g U s e r : H e l e n a D ö r i n g P r

: . 6 3 F i l e : b i t c

n e c t _ d u d e . j p g U s e r : M a r l e n e S c h u s t e r P r

: . 5 1 F i l e : t r u m p . j p g U s e r : P a u l a H a h n P r

: . 9 9 F i l e : b i t c

n . j p g U s e r : P i a I n g e r f u r t h P r

: . 3 5

network traffic (user 60)

– 200k images – 10k identities – 178 × 218 px

person → get x100 speedup on GPU

neural nets see the world” to understand why