Notes on making CTF games

Some time ago I wrote a post named “unofficial guide to creating CTF VMs“. Since then I have been approached by random people, students I mentor and colleagues asking how to make that virtual machine vulnerable. Well, I never intended that post to reveal that. It was simply left as an exercise to the readers. Today I […]

Read More Notes on making CTF games

Proactive vulnerability scanning

  Today I am demonstration how to proactively work with the results from a vulnerability scanner to secure a server. I will set up a vulnerability scanner to scan a server in my test lab in order to discover how it appears to attackers running similar tools. We will touch upon fixing low hanging fruits […]

Read More Proactive vulnerability scanning

Fuzzing – CTF primer

Fuzz testing or fuzzing is a technique commonly used in software testing to find how software responds to invalid, unexpected or random data. The targeted software may fail, give unexpected output or misbehave processing the randomized input data. Input that leads to such situations is then addressed and rectified. The term fuzz testing originates from a […]

Read More Fuzzing – CTF primer

TAILS OS – privacy for anyone

Keeping your privacy is hard in our world of technology. Luckily there’s a solution available for free for you to stay undercover. Today I’ll be presenting Tails OS – maybe you’ve heard about it, maybe you haven’t. Tag along and maybe it’ll peak your interest! What is it? Tails is a live Linux system aiming […]

Read More TAILS OS – privacy for anyone

Exif XSS using JPEG as media

Ever heard about Exif and why it potentially can put a web site in danger? Exif is an abbreviation for “Exchangeable Image File Format”. Technically it is a file format for storing information in media files. The specification uses the JPEG discrete cosine transform (DCT) for compressed image files and TIFF for uncompressed image files. It also […]

Read More Exif XSS using JPEG as media

Cybrary.It Online Courses

Are you sweating over books on information security that just don’t keep their promise? Are you looking on YouTube videos made by script-kiddies but still looking for advanced topics?  Then I got news for you! There’s a new learning resource in town to combat dry books and mediocre YouTube videos. Meet Cybrary! Cybrary is an online learning […]

Read More Cybrary.It Online Courses