For a lot of people, bug bounties present a way to escape the rat race. A way to exchange the handcuffs of employment for the freedom of autonomous control of one’s day, and one’s financial future. As appealing as that looks, it’s also important to be very objective and methodical with decisions around making something like bug bounty the “way you keep the lights on” - It’s not good to make life altering decisions, without objectively considering all factors involved.read more
Over time I’ve answered this question a lot, and I’m hoping to build something more canonical I can reference for those starting out with bug bounties - where do you begin? The answer ultimately depends on your foundation, and I’ve aimed to break that down into two distinct answers. If you’re new to security If you’re newer to security, and hacking in general, a hacking foundation is the most important thing to build.read more
Be the first to know about new content and updated news in the industry.
Every Month if Hacktoberfest, which, if you’re not already familiar with is an event run by Digital Ocean to reward open source contributions with swag (normally a t-shirt and stickers). All in all, it’s a very well received event that provides the perfect time to jump into open source, if you haven’t already. The intention of this guide is to arm you with the knowledge of how you can get involved, even if you’re not entirely familiar with programming, or if you are, and you want a reference point for “how to github” - I’m aiming for this to land with both.read more
Summary This guide is a large summary of the information security tool, FFUF. This is also paired with a video companion guide, shown below: Table of Contents Other Sources / Credit Before we start What is FFUF, and What is it used for? Who What Where Why Command Line Driven Applications Installation Install from Source Upgrading from Source Kali Linux APT Repositories Other Locations - Debian Unstable / SNAP, etc' Basic Usage What is Directory Brute Forcing?read more
What is Cracknet? As a part of the SecTalks May CTF I built a .Net reverse engineering challenge, Cracknet. I’ve since made this available on Github, here. Although it’s possible to complete this challenge by bypassing a JMP instruction in assembly the intention of this challenge was to introduce participants to decompiling .Net applications by patching the application. Exploring CrackNet functionality When you first open CrackNet you’re presented with the following:read more
Category: Coding Points: 400 Solves: 7 Description: ctf.crikeycon.com:43981 Enumeration Before doing anything else on the host since we were provided with an unual port and address I attempted to ncat to it, receiving the following: Identifying the core problem Since the math is impossible there’s likely a trick here. With that in mind I figure we need to overload an operator (integer overflow) and try passing a large number as input:read more