![\"Shellphish](\"/img/shellphish-team-picture-2003.jpg\")
In this episod, adamd and Zardus interview THE Fish from Shellphish and angr, a prominent figure in the CTF community. They discuss Fish’s journey into CTFs, his experiences with Shellphish, and the evolution of CTF challenges. Fish shares insights on the importance of reversing skills, the development of the angr decompiler, and the impact of CTFs on learning and personal growth. The conversation also touches on the future of reversing in the context of LLMs and the ongoing relevance of CTFs in the cybersecurity landscape.
", "url": "https://ctfradi.ooo/2026/03/04/024-chatting-with-fish-from-shellphish-024-ctf-radiooo.html", "date_published": "2026-03-04T00:00:00-07:00", "date_modified": "2026-03-04T00:00:00-07:00", "author": { "name": "adamd and Zardus" } }, {"id": "442c8de0", "title": "023", "summary": "", "content_text": "Youtube Video of podcastShownotes and LinksIn this episode, adamd and Zardus welcome Robert Xiao, an associate professor at the University of British Columbia and a seasoned CTF player. The conversation explores Robert’s journey from a background in human-computer interaction to becoming a prominent figure in the CTF community. They discuss his early experiences with game hacking, the challenges of CTFs, and how these experiences have influenced his research and professional development. The episode highlights the importance of community and collaboration in the CTF space, as well as the intersection of technical skills and human factors in computer science. In this conversation, the speakers delve into the hacker mentality and its significance in research and development. They discuss the differences in mindset between various research fields, the importance of innovation through hacking, and the balance between competitive programming and academic research. The conversation also touches on the evolution of Capture The Flag (CTF) teams, the impact of teaching on students, and the personal journeys of the speakers in the realm of security research and challenges.LinksRobert’s website", "content_html": "In this episode, adamd and Zardus welcome Robert Xiao, an associate professor at the University of British Columbia and a seasoned CTF player. The conversation explores Robert’s journey from a background in human-computer interaction to becoming a prominent figure in the CTF community. They discuss his early experiences with game hacking, the challenges of CTFs, and how these experiences have influenced his research and professional development. The episode highlights the importance of community and collaboration in the CTF space, as well as the intersection of technical skills and human factors in computer science. In this conversation, the speakers delve into the hacker mentality and its significance in research and development. They discuss the differences in mindset between various research fields, the importance of innovation through hacking, and the balance between competitive programming and academic research. The conversation also touches on the evolution of Capture The Flag (CTF) teams, the impact of teaching on students, and the personal journeys of the speakers in the realm of security research and challenges.
In this episode, adamd and Zardus talk finally talk to Vie from Maple Bacon / MMM in an environment where we can actually hear her. We discuss the evolution of CTF teams, the importance of community and mentorship, and the journey of Vie from a competitive gamer to a key player in the CTF scene.
In this episode, which seems to be an annual tradition, adamd and Zardus report LIVE from DEF CON 33 about the AIxCC results, first alone then together with Andrew Carney and Perri Adams, the key people involved in creating and running the AIxCC.
In this unconventional episode adamd surprises Zardus with Adam’s mom Karlene and musician Swardy, to discuss a new collaboration of the CTF Radiooo theme song. The conversation explores the creative process behind the collaboration, insights into music production, and the importance of community and DIY ethos in artistic endeavors. In the normal episode, adamd and Zardus reflect on their interviews with all the AIxCC teams. They explore the impact of AI on the field, the importance of team dynamics, and the challenges faced in software testing and development. The conversation highlights the diversity of approaches taken by different teams and the lessons learned from the discussion of the competition.
In this episode adamd and Zardus chat with Jeff Huang, Ze Sheng, and Qingxiao Xu from the AIxCC team all_you_need_is_a_fuzzing_brain about their AIxCC final submission. We discuss the innovative use of an AI-focused approach in their CRS. The conversation also highlights the significance of static analysis, performance metrics, and the future of cyber reasoning systems in the context of ongoing advancements in AI. We discuss the importance of local models, strategies for vulnerability detection, and the complexities of patching.
In this episode adamd and Zardus chat with Michael Brown and Evan Downing from the AIxCC team Trail of Bits about their AIxCC final submisson. Trail of Bits discusses their experiences and insights from participating in the AIxCC competition. They discuss the dynamics of their team, the development of their Cyber Reasoning System (CRS) named Buttercup, and the importance of open-source contributions. The discussion highlights the role of fuzzing and contextualization in vulnerability discovery and patching, as well as the integration of large language models in their processes. The team emphasizes the significance of resource management and efficiency in the competition, and they share their vision for future research and applications in the field. They emphasize the importance of choosing the right tools, adapting to evolving standards, and the complexity of their multi-agent system. The conversation also touches on the role of AI in their processes, their strategies for submitting patches, and reflections on their experiences during the competition.
In this episode adamd and Zardus chat with Taesoo Kim, Minwoo Baek, HyungSeok Han, and Hanqing Zhao from the AIxCC Team Atlanta about their AIxCC final submisson. Team Atlanta discusses their experiences and strategies in the AIxCC. They discuss team dynamics, communication methods, and the structure of their Cyber Reasoning System, which includes multiple components for different programming languages. The team shares insights on their innovative patching strategies, the use of large language models, and the challenges they faced during the competition. Overall, the discussion highlights the importance of collaboration, effective communication, and the integration of AI in cybersecurity.
In this episode adamd and Zardus chat with David Musliner, MikePelican, and Matt McLure from team LACROSSE from SIFT on their AIxCCsubmission. The conversation covers the team’s background, theirexperiences in previous competitions, and the architecture of theirCyber Reasoning System (CRS). They discuss the implications ofopen-sourcing their system, the dynamics of teamwork, and theinnovative use of AI in cybersecurity. The episode dives into thetechnical aspects of their system, including agent communication, taskprocessing, and patch generation, highlighting the challenges andstrategies involved in their competition journey. The LACROSSE teamdiscusses their experiences and challenges faced during the AI CyberChallenge, focusing on vulnerability assessment, patch submission, andthe role of LLMs in cybersecurity. They explore the complexities ofzero-day vulnerabilities, the strategies employed for patching, andthe lessons learned from the competition. The team emphasizes theimportance of effective collaboration, the evolving capabilities ofAI, and the future potential of combining symbolic reasoning withLLMs.
In this episode adamd and Zardus chat with returning guests Tyler and Tim from team Theori on their AIxCC submission. The Theori team discusses their participation in the AI Cyber Challenge, detailing their unique approach to building a Cyber Reasoning System (CRS) named RoboDuck. The conversation covers the team’s structure, motivation, and the challenges they face, including the potential brittleness of their system and the importance of testing. They discuss the pipeline for analyzing repositories, the use of LLMs for vulnerability detection, and their strategy for submitting patches during the competition. The episode concludes with reflections on the competition and the lessons learned.
In this episode adamd and Zardus chat with Xinyu, Dang, Ziyi, andXinqian from the AIxCC team 42-b3yond-6ug. The team highlights theimportance of stability, testing, and collaboration. They shareinsights on their cyber reasoning system, fuzzing strategies, and theimpact of AI models on their work. The team reflects on theirexperiences, lessons learned, and future aspirations in the field ofcybersecurity.
In this episode of CTF Radiooo adamd and Zardus discuss the final submission of the AI Cyber Challenge for Shellphish with clasm and honululu. They explore the evolution of the team, the significance of the challenge, and the role of AI in cybersecurity. We discuss the history of DARPA’s cyber challenges, the financial stakes involved, and the collaborative efforts of the team in developing a cyber reasoning system. Clasm and honululu share insights about Team Shellphish’s cyber reasoning system: ARTIPHISHELL.
In this episode of CTF Radiooo adamd and Zardus do a live-from-DEF CON interview with clasm and honululu, the co-captains of the Shellphish AIxCC team.
They talk about their approach to the AIxCC qualification competition and their cyber reasoning system ARTIPHISHELL.
Finally, we finish with live footage of Shellphish when the seven $2M winning qualifying teams are announced.
In this episode of CTF Radiooo adamd and Zardus talk about the highs (winning $1 million in the AIxCC Small Business Track) and the lows (failing to qualify for DEF CON CTF 2024) of Shellphish.
In this unique episode of CTF Radiooo adamd and Zardus chronicle their adventures while playing Nautilus Institute’s DEF CON 31 CTF, all the way from the Friday night before the CTF to early Monday morning leaving to catch a flight.
Throughout this episode we talk about the CTF as we’re experiencing it (from a hot tub?!?!), and we catch up with several amazing people in the CTF community, including commentators, players, organizers, and winners (congrats Maple Mallard Magistrates on the win): ZetaTwo, clasm, zanardi, nafod, perribus, negasora, jay, mike_pizza, zaratec, and vie.
Unfortunately the sound on the interviews during the CTF after party is not the best, but that’s how recording in a closet in the middle of a party goes! We’ll try to bring on those folks in the future.
Special shoutout to our impromptu camerapeople zwad3 and f4c31e55.
In this episode of CTF Radiooo adamd and Zardus chat with psifertex, glenns, and negasora from LiveCTF!
We talk about LiveCTF competitions in DEF CON CTF Finals 2022 and DEF CON CTF Quals 2023! We also chat about the history of LiveCTF, spectating CTF, the difficulty in creating a challenge at the appropriate difficult level for a spectated CTF, and more!
In this episode of CTF Radiooo adamd and Zardus chat about a challenging issue facing the CTF community: if someone finds or uses a 0-day vulnerability in a CTF, what happens?
We talk about 0-days, 0-days in CTF, and the complications that arise.
In this episode of CTF Radiooo adamd and Zardus chat with anciety, atum, mmmxny, and crazyman of r3kapig: one half of the CTF team P1G BuT S4D!
We talk about how the members got into CTFs, how the team gets new members, what is the culture of the team, why do we play CTFs, can we keepplaying CTFs?, what makes a good CTF challenge, and (what else) pwn.college!
Visit https://r3kapig.com/ to learn more about the team.
In this episode of CTF Radiooo adamd and Zardus chat with q7, publicqi, Yuhang Wu, and shiki7 of the CTF team Straw Hat!
In this episode of CTF Radiooo adamd and Zardus chat about keyboards, DEF CON CTF Quals 2023, CTF team mergers, and how Shellphish has qualified for DEF CON CTF for 20 years!
In this episode of CTF Radiooo adamd and Zardus are joined by special guests: Dustin and Vito from Legitimate Business Syndicate, hosts of DEF CON CTF from 2013–2017.
We chat about how Dustin and Vito got into CTFs, their first CTF experience, how DEF CON CTF has changed, and their experiences hosting DEF CON CTF.
In this episode of CTF Radiooo adamd and Zardus talk about a major update: Order of the Overflow has retired from hosting DEF CON CTF, after four years at the helm. They talk about what it was like to host, and why YOU should consider hosting DEF CON CTF.
In this episode of CTF Radiooo adamd and Zardus kick off the secondseason of CTF Radiooo. We reflect on the progress of pwn.college andthe challenges of incentivizing students to find and exploit realbugs.
In this episode of CTF Radiooo adamd and Zardus recap the first“season” of CTF Radiooo (yes, we’re calling them seasons now). Wereflect on a fun first season, discuss some of our favoritemoments/episodes, and talk about future plans for the pod.
In this episode of CTF Radiooo adamd and Zardus explore the mistyorigins of thePlaid Parliament of Pwning aka PPP along withmany PPP captains: Tyler Nighswander,Tim Becker,Jay Bosamiya (our first repeat guest),and Samuel Kim.
We dive into how everyone got into CTFs, how to maintain a CTF team,how to continue in CTFs, the shadowy PPP cabal, how PPP approachesCTFs, imposter syndrome, and everyone’s favorite PPP moment.
At the end of the day, we learn that there are no secret tricks orshortcuts, and that everyone is human!
In this episode of CTF Radiooo adamd and Zardus dive into the murky background of the Shellphish CTF Team along with special guests: Giovanni Vigna, Christopher Kruegel, and Davide Balzarotti, founding members of Shellphish.
We dive into how everyone got into CTFs, early DEF CON CTF and CTF memories, friendly rivalries with sk3wl 0f r00t, DEF CON CTF Rōnins, the myth of wkr, and why CTFs are important.
In this episode of CTF Radiooo adamd and Zardus host a special guest: Fabian a.k.a. LiveOverflow to discuss the topic of Education and CTF.
You may know LiveOverflow from hisexcellent YouTube videos.We discuss how Fabian got into CTFs, the history of the LiveOverflowname, how he got into streaming/creating scripted videos, and thherole of CTFs in security education.
In this episode of CTF Radiooo adamd and Zardus host a special guest: ZetaTwo a.k.a. Carl to discuss Pwny Racing and NorseCode.
We discuss how Carl got into CTFs, the history of Pwny Racing, the history of NorseCode, tips on casting a CTF, and how to create a superteam.
In this LIVE episode of CTF Radiooo, adamd and Zardus go over listener comments and questions.
Follow us on twitter and twitch to know about next live event.
In this extra-special episode of CTF Radiooo, adamd and Zardus host the WINNERS of DC 28 CTF: A*0*E.
From A*0*E we’re joined by Captain Gengming aka dmxcsnsbh, Vice-Captain Hui Shin aka septyem, Founder Tianyi aka Jackyxty, and DevOps silver!
We discuss how everyone got into CTFs, the history of A*0*E (the short version is A*0*E = EEE ∪ AAA ∪ 0ops ∪ ******), DC 28 CTF, DC 26 madness (on adamd and Zardus’ side, including social engineering a parking spot), and how to succeed at CTFs.
Silver’s amazing diagram of their networking setup:
+---------------------------------------------------------------------------+ | | | >Other players in our team< | | | +-----------------+----------------------------------+----------------------+ | | | | | OpenVPN | OpenVPN | | The `dc28-redir-controller` +--------+------+ +------+--------+ is deployed here | | | | | VPN Endpoint | | VPN Endpoint | | | for CHN users | | for USA users | | | | | | v +-------+-------+ +-------+-------+ | | +---------------------------+ +--------------------+ | bandwidth and ACL limited! | | | | | | save some money ;) | | Jumpbox, config copied +-----+ OOO's WG endpoint | | | | +-----+ from OOO's machine | | | | | | | | | | |+---------------------------------+ | v | | +---------------------------+ +--------------------+| | +-----+-----+ +-----+-----+ || CPU-intensive applications | | | QoS Promised | | || since EPYC servers are only +------+ Gateway +------------------------+ Gateway +------+ +------------------------------------+| available in CHN available zone | | China | MPLS VPN? not sure. | U.S West | | || | | | 110-130ms, <0.1% loss | +------------+ Latency-aware programs |+---------------------------------+ +-----------+ +-----------+ | & | | Traffic-heavy programs (like pcap) | | Reduce costs under the ocean | | | +------------------------------------+ - All connections are using WireGuard unless specified. - Netdata is installed on all machines so we can do remote telemetry and receive alarms.In this episode of CTF Radiooo adamd and Zardus host a special guest: sirdarckcat a.k.a. Eduardo Vela to discuss Google CTF 2020.
We discuss how sirdarckcat got into CTFs, the history of Google CTF, how Google CTF 2020 went, what happens behind the scenes of hosting a CTF, how to respond to issues in a CTF, and the need for organizers to share information.
In this episode of CTF Radiooo, adamd and Zardus host a special guest: Antonio from the Order of the Overflow to talk about his DC 28 CTF challenge ropshipai!
In addition, Jay, Corwin, and Matt from PPP join to talk about ropshipai and ropship from a player’s perspective!
Together adamd, Zardus, Antonio, Jay, Corwin, and Matt discuss how they got into CTFs, Return-Oriented Programming, the ropships, DC 28 CTF, and how PPP prepares and plays in DC 28 CTF.
In this episode of CTF Radiooo, adamd and Zardus host a special guest: Jeff! Together adamd, Zardus, and Jeff founded the Order of the Overflow, and they tell the story here.
Next, we chat about the DEF CON 28 CTF challenge gameboooy, which Jeff wrote.gameboooy is a gameboy emulator with multiple modules, each of which operate one aspect of the emulator.Rather than patch the emulator itself, the patch strategy is to write a firewall that inspects (and can block) the communication between each of the modules.
We also take an honest look at the problems of gameboooy (so that everyone can learn from mistakes), and discuss the challenges of organizing a CTF and writing challenges.
In this episode of CTF Radiooo adamd and Zardus host their first guest: kaptain a.k.a. Alexandros Kapravelos to discuss the DEF CON 28 CTF challenge nooode.
We discuss a bit about OOO, how kaptain got into CTFs, the design inspiration of nooode, CTF challenge philosophy, attack-defense private instances (and why they are necessary), stealth ports, how nooode went in DEF CON CTF, and lessons learned.
Unfortunately, Zardus’ machine blew up after the first 16 minutes ofrecording (LINUX!), so we lost his good audio, and have to go withlower quality audio for the first 16 minutes. Sorry!
In this episode of CTF Radiooo, adamd and Zardus answer the question that we get frequently: How to get into Capture the Flag (CTF) cybersecurity competitions?
We tell our “orgin story” about how we both got into CTFs at UCSB and with Shellphish (Zardus’ is particularly great).
We also point people to resources where they can get into CTFs.
The best way into CTFs is to start playing, so do it!
In this initial episode of CTF Radiooo, adamd and Zardus answer the question: What is Capture the Flag (CTF)?
And no, we’re not talking about a physical in-person CTF, or a first-person shooter CTF (ala Quake or Unreal).
We’re talking about the cybersecurity hacking competitions known as Capture the Flag, where hackers from around the world compete to solve security challenges and develop their security skills.