Over time I’ve answered this question a lot, and I’m hoping to build something more canonical I can reference for those starting out with bug bounties - where do you begin? The answer ultimately depends on your foundation, and I’ve aimed to break that down into two distinct answers. If you’re new to security If you’re newer to security, and hacking in general, a hacking foundation is the most important thing to build.read more
Every Month if Hacktoberfest, which, if you’re not already familiar with is an event run by Digital Ocean to reward open source contributions with swag (normally a t-shirt and stickers). All in all, it’s a very well received event that provides the perfect time to jump into open source, if you haven’t already. The intention of this guide is to arm you with the knowledge of how you can get involved, even if you’re not entirely familiar with programming, or if you are, and you want a reference point for “how to github” - I’m aiming for this to land with both.read more
Be the first to know about new content and updated news in the industry.
Summary This guide is a large summary of the information security tool, FFUF. This is also paired with a video companion guide, shown below: Table of Contents Other Sources / Credit Before we start What is FFUF, and What is it used for? Who What Where Why Command Line Driven Applications Installation Install from Source Upgrading from Source Kali Linux APT Repositories Other Locations - Debian Unstable / SNAP, etc' Basic Usage What is Directory Brute Forcing?read more
What is Cracknet? As a part of the SecTalks May CTF I built a .Net reverse engineering challenge, Cracknet. I’ve since made this available on Github, here. Although it’s possible to complete this challenge by bypassing a JMP instruction in assembly the intention of this challenge was to introduce participants to decompiling .Net applications by patching the application. Exploring CrackNet functionality When you first open CrackNet you’re presented with the following:read more
Category: Coding Points: 400 Solves: 7 Description: ctf.crikeycon.com:43981 Enumeration Before doing anything else on the host since we were provided with an unual port and address I attempted to ncat to it, receiving the following: Identifying the core problem Since the math is impossible there’s likely a trick here. With that in mind I figure we need to overload an operator (integer overflow) and try passing a large number as input:read more
Category: Coding Points: 300 Solves: 14 Description: crikeyconctf.dook.biz:23776 Enumeration Before doing anything else on this host I attempted to connect to it, receiving the following: The time between being presented with the challenge and receiving a timeout was a mere two seconds. Although handy with a calculator this wouldn’t be possible without a script/bot. I also noted that the response and timing to answer didn’t change on a second connection, but the base operator did.read more