HackDig : Dig high-quality web security articles for hacker

Python Sender

Last week I played my first Capture The Flag (CTF) where I really tried solving the challenges for a couple of hours. It was a regular jeopardy style CTF with binaries, web applications and other server ports. I don’t think CTFs are going to be my favourite hobby, as pentesting is similar but just a little bit more real life. However, CTFs are very ni
Publish At:2019-09-19 18:20 | Read:646 | Comments:0 | Tags:Useful scripts Web Penetration Testing CTF http pentesting p

The Top 13 Information Security Conferences of 2017

2017 is finally here. You know what that means: another information security conference season is upon us. We couldn’t be more excited! Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security for 2017. We hope you’ll have the chance to attend at least one of these events this
Publish At:2017-01-11 12:55 | Read:5196 | Comments:0 | Tags:Off Topic Conferences CTF hacking Information Security pente

The DEF CON 24 Experience

This year, I was fortunate enough to attend the DEF CON 24 security conference, one of The State of Security’s top 11 infosec conferences, which took place August 4-7, 2016, at Paris and Bally’s in Las Vegas. Here’s a summary of my experience. Cyber Grand Challenge: An interesting addition to the unofficial first day of DEF CON this year was t
Publish At:2016-08-25 15:30 | Read:4380 | Comments:0 | Tags:Events CTF cybersecurity DEF CON Hacker password

More than a simple game

By Daniel Correa / NullLifeTeam. EKOPARTY Conference 2015, one of the most important conferences in Latin America, took place in Buenos Aires three months ago. IOActive and EKOPARTY hosted the main security competition of about 800 teams which ran for 32 hours, the EKOPARTY CTF (Capture the Flag). Teams from all around the globe demonstrated their skills
Publish At:2016-01-27 02:30 | Read:5516 | Comments:0 | Tags:argentina ctf ekoparty ioactive writeup

Capture the Flag: It’s All Fun and Games with Business Benefits

For most organizations who manage information technology and/or information security programs, personnel are constantly on the lookout for the best ways to train their technology superstars and provide them with the best academic and hands-on learning resources available. Capture the Flag (CTF) events integrate both aspects of this into a single experience. I
Publish At:2015-09-14 15:15 | Read:3015 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Capture th

Executing bash commands without space

Hello, world. So I was in this CTF competition and my teammate (@aboul3la) found a command injection vulnerability in one of the web application challenges. If you input `>file.txt` the server creates a file called file.txt. We wanted to write a PHP shell to the server (echo “<?PHP CODE>” > file.php). But the thing is, the challenge had a
Publish At:2015-07-25 16:25 | Read:2206 | Comments:0 | Tags:CTF

Tripwire VERT’s CTF – Level 1

Last month, I participated in the Tripwire VERT cybersecurity Capture the Flag contest organized for infosec students with some awesome prizes: BSides Las Vegas & DEF CON 23 travel packages and more… I’m in! Even though I didn’t get that far, it was a great learning experience! The CTF started on March 27 when I got an email from the organizers with a lin
Publish At:2015-04-22 11:45 | Read:3700 | Comments:0 | Tags:Featured Articles Off Topic CTF VERT

How I Captured the Flags in Tripwire VERT’s Cyber Security Contest – Part 2

In the first installment of this blog post, I took you through how I completed level 1 of Tripwire Vulnerability and Exposure Research (VERTs) Capture the Flag contest. Now, I’ll show you how I finished level 2 and successfully completed the challenge. Level 2: Going to the link above results in a registration page (pictured below), which requires a username, a
Publish At:2015-04-16 08:45 | Read:4228 | Comments:0 | Tags:Featured Articles Off Topic CTF Flags tripwire VERT

th3jackers 2015 CTF crypto100 writeup

OHSHIT (crypto100) Description: Decrypt the cipher using the encryption program And attachment is supplied: challenge.7z It contains an encryption program and crypto.txt containing Name: Automated Crypter Description: Decrypt this: 019t-0-080-3-1b-19t-25z-080-03f-8j-1b-12n-12n Using this program. (Note: the – is just a separator) Hint: Not all let
Publish At:2015-01-24 19:50 | Read:3856 | Comments:0 | Tags:CTF

th3jackers 2015 CTF crypto200 writeup

The last word (crypto200) Description: Decrypt this And attachment is supplied: challenge.txt It looks hex’ish? So I try hex decoding with no luck. Then I noticed it had too many zeros? So I tried to change every character that’s not 0 to 1 to try for binary. So as usual I run to Python: cry200.py 0110001001110101011010010010000001111000011001000
Publish At:2015-01-24 19:50 | Read:3335 | Comments:0 | Tags:CTF

pwntools – CTF Framework & Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. Command-line frontends for some of the functionality are available: asm/disasm: Small wrapper for various assemblers. constgrep: Tool for finding constants defined in he
Publish At:2015-01-13 10:20 | Read:7602 | Comments:0 | Tags:Exploits/Vulnerabilities ctf ctf framework exploit dev explo

Ghost in The Shellcode 2015 Teaser – Don’t Panic! Shift Keying! Solution

This was the only challenge remaining for us (ClevCode Rising) in the GITS 2015 Teaser CTF (http://ghostintheshellcode.com/2015-teaser/final_scores.txt), after I had solved the Citadel challenge and my team mate Zelik had solved Lost in Time. With no previous GNU Radio experience, I tried my luck, and was able to come very close to solving this in time to wi
Publish At:2014-12-15 12:20 | Read:4005 | Comments:0 | Tags:CTF Team

Ghost in The Shellcode 2015 Teaser – Citadel solution

This is my exploit for the Citadel challenge in the Ghost in The Shellcode 2015 Teaser CTF. I have attached my IDB as well, so those of you with IDA Pro can see what the reversing-part of the process looked like. The Citadel challenge consisted of a custom SIP server (Linux/x86_64), with NX, ASLR and partial RELRO enabled. After some time reverse-engineering
Publish At:2014-12-15 12:20 | Read:3947 | Comments:0 | Tags:CTF Exploit Development Team

Execute Shellcode, Bypassing Anti-Virus…

Hello, I am going to demonstrate a little trick to allow you to bypass anti-virus and execute shellcode, this is a publicly known trick that I did not discover. The shellcode I am going to use for this example is the common Metasploit Windows Bind TCP shell, however any shellcode can be used, I have simply chosen this one for simplicity. As I’m sure
Publish At:2014-08-12 11:05 | Read:3510 | Comments:0 | Tags:CTF Encoding exploitation infosec metasploit pentesting pent

