Some time ago I wrote a post named “unofficial guide to creating CTF VMs“. Since then I have been approached by random people, students I mentor and colleagues asking how to make that virtual machine vulnerable. Well, I never intended that post to reveal that. It was simply left as an exercise to the readers. Today IContinue reading “Notes on making CTF games”
Category Archives: Teaching
Proactive vulnerability scanning
Today I am demonstration how to proactively work with the results from a vulnerability scanner to secure a server. I will set up a vulnerability scanner to scan a server in my test lab in order to discover how it appears to attackers running similar tools. We will touch upon fixing low hanging fruitsContinue reading “Proactive vulnerability scanning”
Fuzzing – CTF primer
Fuzz testing or fuzzing is a technique commonly used in software testing to find how software responds to invalid, unexpected or random data. The targeted software may fail, give unexpected output or misbehave processing the randomized input data. Input that leads to such situations is then addressed and rectified. The term fuzz testing originates from aContinue reading “Fuzzing – CTF primer”
TAILS OS – privacy for anyone
Keeping your privacy is hard in our world of technology. Luckily there’s a solution available for free for you to stay undercover. Today I’ll be presenting Tails OS – maybe you’ve heard about it, maybe you haven’t. Tag along and maybe it’ll peak your interest! What is it? Tails is a live Linux system aimingContinue reading “TAILS OS – privacy for anyone”
TFTP – Trivial File Transfer Protocol
TFTP was first defined in 1980 and with later revisions between 1981 and 1998. The name itself is an abbreviation of Trivial File Transfer Protocol. It operates like FTP, but is much simpler. It lacks login and access control mechanisms, it can only store and retrieve files, and it uses no transmission encryption. To make itContinue reading “TFTP – Trivial File Transfer Protocol”
Forensics approach to handling vulnerability scanner results
I was scratching my head this week as I ventured deeper into the world of vulnerability scanners. Not actually the scanners themselves, but rather the process of handling the process surrounding them. I.e. validating results. Finding no proper methodologies on the Net, I set out penning my own based on one of my older methodsContinue reading “Forensics approach to handling vulnerability scanner results”
Exif XSS using JPEG as media
Ever heard about Exif and why it potentially can put a web site in danger? Exif is an abbreviation for “Exchangeable Image File Format”. Technically it is a file format for storing information in media files. The specification uses the JPEG discrete cosine transform (DCT) for compressed image files and TIFF for uncompressed image files. It alsoContinue reading “Exif XSS using JPEG as media”
Cybrary.It Online Courses
Are you sweating over books on information security that just don’t keep their promise? Are you looking on YouTube videos made by script-kiddies but still looking for advanced topics? Then I got news for you! There’s a new learning resource in town to combat dry books and mediocre YouTube videos. Meet Cybrary! Cybrary is an online learningContinue reading “Cybrary.It Online Courses”
reedphish 