recentpopularlog in

whip_lash : ctf   31
flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender you'll learn the power of jq in analyzing logs, and instructions on how to set up Athena in your own environment.
aws  security  pentest  pentesting  ctf  tutorial 
11 weeks ago by whip_lash
Introducing the Hacker101 CTF – HackerOne – Medium
Hacker101 is getting something brand new: our own Capture The Flag! For those who are unfamiliar, Capture The Flags (better known as CTFs) are games where hackers have to find bugs and solve puzzles to find “flags,” bits of data that tell the system you’ve completed a given task.
september 2018 by whip_lash
ungleich Blog - ungleich quiz v6
It has been some years since Philipp and Nico launched the famous sysengquiz. Some years have passed since then, now is certainly time to launch a new edition: the ungleichquiz v6. If you are a Linux / Unix geek, you should have no trouble in solving it.

The rules are pretty simple: login to the right VM, find the answers and save your place in the hall of fame!
may 2018 by whip_lash
Practical Symbolic Execution and SATisfiability Module Theories (SMT) 101
Finding bugs is hard, reverse engineering is hard. Constraint solvers are the heart of many program analysis techniques, and can aid Fuzzing, and software verification.

This post contains a few hands-on experiments with Z3, a high performance theorem prover developed at Microsoft Research by Leonardo de Moura and Nikolaj Bjorner. With KLEE, a Symbolic Execution Engine built on top of the LLVM compiler infrastructure developed by Cristian Cadar, Daniel Dunbar, and Dawson Engler. And, angr, a binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish.
ctf  assembly  exploit  development  reverse-engineering 
may 2018 by whip_lash
Updated Hacking Challenge Site Links
These are 70 sites which offer free challenges for hackers to practice their skills. Some are web-based challenges, some require VPN access to private labs and some are downloadable ISOs and VMs. I’ve tested the links at the time of this posting and they work.
ctf  security 
january 2018 by whip_lash
ROP Emporium
Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.
ctf  programming  security  exploit  development 
january 2018 by whip_lash
CTF Series : Vulnerable Machines —
This post (Work in Progress) records what we learned by doing vulnerable machines provided by VulnHub, Hack the Box and others. The steps below could be followed to find vulnerabilities, exploit these vulnerablities and finally become system/ root.
ctf  howto  hacking 
january 2018 by whip_lash
IppSec - YouTube - YouTube
Walkthroughs of retired hackthebox machines
walkthrough  ctf 
january 2018 by whip_lash
This is a compressed, really SHORT guide to assist you in navigating your way through the SANS Holiday Hack CTF based on their past challenges and my observations over time. Whether or not you are successful (completing all the challs) is not the point of this exercise. The idea is to have fun, hopefully learn new techniques and grow as a security researcher, pentester, hacker, whatever you identify as.  
holidayhackchallenge  sans  ctf  pentest 
december 2017 by whip_lash
Researcher Resources - Bounty Bug Write-ups - Security Research - Bugcrowd Forum
This is a collection of bug bounty reports that were submitted by security researchers in the infosec community. These write-ups are a great way to learn from fellow hackers.
bug  hacking  bugbounty  walkthrough  webapp  pentest  ctf 
august 2017 by whip_lash
Mind Maps
Information Security related Mind Maps
hacking  mindmap  security  pentest  ctf 
august 2017 by whip_lash
cliffe/SecGen: Create randomly insecure VMs
OSCPeeps: if you haven't seen this, there's a new vulnerable VM generator you can use to practice pentesting:
virtualization  security  vulnerability  ctf 
august 2017 by whip_lash

Copy this bookmark:

to read