my ๐earning ๐og; notes on cybersec activities, ctfs, and ill-equipped cyber adventures. Consume responsibly.
General writeup notes for Pentesterlab's Serialize badge. This post does not contain any spoilers. This is just information collected by me to understand the exercises better.
TODO
โ XMLDecoder
โ CVE-2016-0792
โ ObjectInputStream
โ CVE-2013-0156: Rails Object Injection
โ API to Shell
difficulty: easy
status: retired
platform: linux
ip: 10.10.10.3
URI: https://www.hackthebox.eu/home/machines/profile/1
๐ https://capture.tf/
Another year of a fantastic WA based CTF made by the community for the community. As always, a lot was enjoyed, keyboards were mashed, and much was learnt. Thanks to all the organisers for making this so special. Only regret is not being able to play in person at Perth ๐ข.
source: https://pentesterlab.com/badges/recon โ no spoilers!
Get started with Cyber Security in 25 Days โ Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
https://tryhackme.com/room/adventofcyber2
Here are my writeups! Happy Holidays folks ๐
URI: https://www.vulnhub.com/entry/bossplayersctf-1,375/ Difficulty: Easy
Aimed at Beginner Security Professionals who want to get their feet wet into doing some CTF's. It should take around 30 minutes to root.
URI: https://www.vulnhub.com/entry/funbox-2-rockie,520/ Difficulty: Easy
Boot2Root ! This can be a real life scenario if rockies becomes admins. Easy going in round about 15 mins. Bit more, if you are find and stuck in the rabbit-hole first.
Sharing some notes I recorded during @AletheDenis' OSINT CTF Strategy and Tactics II event back in September 2020. I hope it helps!
It covers some tips, strategies, and common mistakes to avoid in order to get the most out of OSINT CTFs.
https://tryhackme.com/room/jack
nmap, wpscan, python, pspyhttps://holidayhackchallenge.com/2020/
Updating this as soon as the event starts in mid-December 2020 ๐