Beginners Bug Bounty - what bug classes should you start with?

Apr 4, 2021
Over time I’ve answered this question a lot, and I’m hoping to build something more canonical I can reference for those starting out with bug bounties - where do you begin? The answer ultimately depends on your foundation, and I’ve aimed to break that down into two distinct answers. If you’re new to security If you’re newer to security, and hacking in general, a hacking foundation is the most important thing to build.
read more

Contributing to Github for Information Security Professionals

Oct 8, 2020
Every Month if Hacktoberfest, which, if you’re not already familiar with is an event run by Digital Ocean to reward open source contributions with swag (normally a t-shirt and stickers). All in all, it’s a very well received event that provides the perfect time to jump into open source, if you haven’t already. The intention of this guide is to arm you with the knowledge of how you can get involved, even if you’re not entirely familiar with programming, or if you are, and you want a reference point for “how to github” - I’m aiming for this to land with both.
read more

Everything you need to know about FFUF

Sep 17, 2020
Summary This guide is a large summary of the information security tool, FFUF. This is also paired with a video companion guide, shown below: Table of Contents Other Sources / Credit Before we start What is FFUF, and What is it used for? Who What Where Why Command Line Driven Applications Installation Install from Source Upgrading from Source Kali Linux APT Repositories Other Locations - Debian Unstable / SNAP, etc' Basic Usage What is Directory Brute Forcing?
read more

Decompiling C# by Example with Cracknet

Jul 25, 2017
What is Cracknet? As a part of the SecTalks May CTF I built a .Net reverse engineering challenge, Cracknet. I’ve since made this available on Github, here. Although it’s possible to complete this challenge by bypassing a JMP instruction in assembly the intention of this challenge was to introduce participants to decompiling .Net applications by patching the application. Exploring CrackNet functionality When you first open CrackNet you’re presented with the following:
read more

Understanding Integer Overflows - CrikeyCon 2017, Impossible Math Writeup

Mar 8, 2017
Category: Coding Points: 400 Solves: 7 Description: ctf.crikeycon.com:43981 Enumeration Before doing anything else on the host since we were provided with an unual port and address I attempted to ncat to it, receiving the following: Identifying the core problem Since the math is impossible there’s likely a trick here. With that in mind I figure we need to overload an operator (integer overflow) and try passing a large number as input:
read more

CrikeyCon 2017 - Fast Math Writeup

Mar 8, 2017
Category: Coding Points: 300 Solves: 14 Description: crikeyconctf.dook.biz:23776 Enumeration Before doing anything else on this host I attempted to connect to it, receiving the following: The time between being presented with the challenge and receiving a timeout was a mere two seconds. Although handy with a calculator this wouldn’t be possible without a script/bot. I also noted that the response and timing to answer didn’t change on a second connection, but the base operator did.
read more

How do you perform arbitrage with Bitcoins?

Sep 28, 2014
What is Arbitrage? Put simply, arbitrage is buying something at a low price and selling more or less immediately at a higher price through a different market. There are many kinds of arbitrage, but all of them boil more or less to the same goal: Capitalizing on a price difference for economic gain. Arbitrage is everywhere in our global economy and lots of commercial transactions depend upon it and utilize it.
read more

Proof of Stake – How does it work and what are the advantages?

Sep 19, 2014
Recently more and more alt coins have decided to integrate a proof of stake system over the traditional proof of work system used by Bitcoin and Litecoin. But why, one may ask? Frankly, the proof of work system is not perfect. A cryptocurrency without proof of stake doesn’t just lack an incentive for users to continue holding on to their coins, but is also susceptible to a 51 percent attack if one party controls a majority of the total mining output.
read more

Bitcoin Wallets: What are the differences between them?

Jan 2, 2013
Satoshi Nakamoto first published their paper on Bitcoin back in 2009, but it didn’t reach real mainstream popularity until recently. Only the users who understand the highly technical mechanics of Bitcoin invested their time in the technology during 2009-13 intermission period. In February of 2013 Bitcoin, and soon cryptocurrencies in general, finally entered the public consciousness. Despite being a four year old technology, many of the core features of the Bitcoin protocol were not polished in any capacity, let alone ready for mass public consumption.
read more