Heath Leach
Shared posts
27 Jul 19:07
Free CTF is Online!
by RyanANicholson
While my free Google Cloud Platform account is still active (until ~30 Nov 2018), feel free to try out my Capture the Flag at http://ctf.ryanic.com! Have fun red teamers! Ground rules: please try not to hack the platform itself. That ruins the fun for others.
23 Jul 19:32
Riot's Approach to Anti-Cheat
by /u/synetic707
 |
submitted by /u/synetic707 to r/REGames [link] [comments] |
23 Jul 19:13
Cloudflare, Fastly, Mozilla and Apple working on SNI encryption for TLS 1.3
by /u/Natanael_L
27 Jun 19:24
A step by step binary analysis write-up using Radare2. Let me know if there is more interest in this, because I might turn it in to a series!
by /u/ThisIsLibra
27 Jun 19:14
USV: 2017 Part 1 CTF Walkthrough was first posted on June 21, 2018 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
USV: 2017 Part 1 CTF Walkthrough
by Nikhil Kumar
In this article, we will learn to solve another Capture the Flag (CTF) challenge which was posted on VulnHub by “Suceava University.” As you may already know from my previous capture-the-flag articles, Vulnhub.com is a platform which provides vulnerable applications/machines to get a practical, hands-on experience in conducting pen tests on applications. You can check […]
The post USV: 2017 Part 1 CTF Walkthrough appeared first on InfoSec Resources.
USV: 2017 Part 1 CTF Walkthrough was first posted on June 21, 2018 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
21 Jun 18:23
Kioptrix VMs Challenge Walkthrough was first posted on June 21, 2018 at 11:38 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kioptrix VMs Challenge Walkthrough
by Security Ninja
In this article, we will walk through all the basic Kioptrix VMs (total 5) which are available on vulnhub.com. The difficulty level of all these machines is easy, and they are categorized into different Levels. Let’s start. Note: For all these machines I have used VMware workstation to provision VMs. Kali Linux VM will be […]
The post Kioptrix VMs Challenge Walkthrough appeared first on InfoSec Resources.
Kioptrix VMs Challenge Walkthrough was first posted on June 21, 2018 at 11:38 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
07 Jun 18:50
Freddy: Burp Suite extension to automatically identify deserialization issues in Java and .NET applications
by /u/0xdea
09 May 18:45
Google CTF 2018 is here
by Google Security PR
Posted by Jan Keller, Security TPM
Google CTF 2017 was a big success! We had over 5,000 players, nearly 2,000 teams captured flags, we paid $31,1337.00, and most importantly: you had fun playing and we had fun hosting!
Hence, we are excited to announce Google CTF 2018:
Google CTF 2017 was a big success! We had over 5,000 players, nearly 2,000 teams captured flags, we paid $31,1337.00, and most importantly: you had fun playing and we had fun hosting!
Congratulations (for the second year) to the team pasten, from Israel, for scoring first place in both the quals and the finals. Also, for everyone who hasn’t played yet or wants to play again, we have open-sourced the 2017 challenges in our GitHub repository.
Hence, we are excited to announce Google CTF 2018:
- Date and time: 00:00:01 UTC on June 23th and 24th, 2018
- Location: Online
- Prizes: Big checks, swag and rewards for creative write-ups
The winning teams will compete again for a spot at the Google CTF Finals later this year (more details on the Finals soon).
For beginners and veterans alike
Based on the feedback we received, we plan to have additional challenges this year where people that may be new to CTFs or security can learn about, and try their hands at, some security challenges. These will be presented in a “Quest” style where there will be a scenario similar to a real world penetration testing environment. We hope that this will give people a chance to sharpen their skills, learn something new about CTFs and security, while allowing them to see a real world value to information security and its broader impact.
We hope to virtually see you at the 3rd annual Google CTF on June 23rd 2018 at 00:00:01 UTC. Check g.co/ctf, or subscribe to our mailing list for more details, as they become available.
Why do we host these competitions?
We outlined our philosophy last year, but in short: we believe that the security community helps us better protect Google users, and so we want to nurture the community and give back in a fun way.
Thirsty for more?
There are a lot of opportunities for you to help us make the Internet a safer place:
- Our Vulnerability Rewards Program: Report vulnerabilities in our infrastructure and get rewarded
- (AutoFuzz) Patch Rewards Program: Fix vulnerabilities in open-source software to build your reputation and make an impact in the security community
- Vulnerability Research Grants Program: Apply for a research grant to extensively test a component of our infrastructure at your own pace.
03 May 18:54
submitted by /u/_creosote to r/netsecstudents
[link] [comments]
GoldenEye - New Vulnerable OSCP Style Machine
by /u/_creosote
Greetings ya'll,
I recently got done creating an OSCP type vulnerable machine that's themed after the great James Bond film (and even better n64 game) GoldenEye. The goal is to get root and capture the secret GoldenEye codes - flag.txt.
I'd rate it as Intermediate, it has a good variety of techniques needed to get root - no exploit development/buffer overflows. After completing the OSCP I think this would be a great one to practice on, plus there's a hint of CTF flavor.
I've created and validated on VMware and VirtualBox. You won't need any extra tools other than what's on Kali by default. Will need to be setup as Host-Only, and on VMware you may need to click "retry" if prompted, upon initially starting it up because of formatting.
Planning to send to vulnhub in the future, but as for now it's on google drive. Test it, let me know what you think.
PM if you run into any issues or need a nudge out of the rabbit hole.
VirtualBox: https://drive.google.com/open?id=1Dr9KyljRE4OF-9Xgebi1opgnB7oiVuM-
VMware: https://drive.google.com/open?id=1xlWBv3NSu9ITOwAT4yYd1yNsB6R3qxRl
[link] [comments]
03 May 18:28
Authentication bypass in Oracle Access Manager SSO solution via padding oracle attack
by /u/0x9000
03 May 18:19
[N] "Facebook Open Sources ELF OpenGo": AlphaZero reimplementation - 14-0 vs 4 top-30 Korean pros, 200-0 vs LeelaZero; 3 weeks x 2k GPUs; pre-trained models & Python source
by /u/gwern
![[N] "Facebook Open Sources ELF OpenGo": AlphaZero reimplementation - 14-0 vs 4 top-30 Korean pros, 200-0 vs LeelaZero; 3 weeks x 2k GPUs; pre-trained models & Python source](https://b.thumbs.redditmedia.com/XuukhoPkse7WQN6c6eDfZ5zhiIJDInCPkmrP9aPiUeM.jpg "[N] \"Facebook Open Sources ELF OpenGo\": AlphaZero reimplementation - 14-0 vs 4 top-30 Korean pros, 200-0 vs LeelaZero; 3 weeks x 2k GPUs; pre-trained models & Python source") |
submitted by /u/gwern to r/MachineLearning [link] [comments] |
30 Apr 14:22
submitted by /u/13Cubed to r/computerforensics
[link] [comments]
Event Log Forensics with Log Parser
by /u/13Cubed
Good morning,
I just released a new video in the Introduction to Windows Forensics series called “Event Log Forensics with Log Parser.” This video shows how Log Parser can be used to analyze Windows event logs in ways not possible with Windows Event Viewer or third-party log viewers.
You can watch it here: https://www.youtube.com/watch?v=mCfkFO0xs34
Plenty more juicy DFIR goodness here: https://www.youtube.com/13cubed
[link] [comments]
23 Apr 17:31
Meanwhile, Back on MadIRC…
by secretsofthedark
After a very long time, I decided to drop into MadIRC again today, which I’ve written about on a few previous posts, such as MadIRC – Nice People on the Dark Web!?
It was quite nice to be among the sarcasm and tech talk once again. The only difference was that I was doing so on my Ubuntu system now, so under the hood, it was a contrasting process.
One of the “adjustments” I was getting used to was using WeeChat, as opposed to HexChat, which I had used on my old system. For those of you who like the old school technology look, WeeChat is about as old school as you can get:
I’ve mentioned on here before that I grew up using the DOS command prompt (yeah, pre-Windows), and WeeChat reminds me of that in so many ways! *geeks out*
The only problem I seemed to have with it, today, is that it wouldn’t connect via Tor. Am I cursed with this? Maybe. Actually, the issue might have been that I just didn’t have the Tor Browser open, which is a problem I also had with HexChat on occasion.
Anyway, the particular channel that I hang out on is called #Elite, and while it may not be full of psychos, per se, they’re just a tech-savvy bunch of guys who like things such as Linux and coding. Oh, and they might make the occasional politically incorrect joke – don’t worry, you get used to that!
What is rather frowned upon is anything relating to CP, or asking for links, or just general trolling. Look, if you read this blog, I’ve given more than my fair share of links. No need to stop by IRC for that, right?
So, uhh…what’s so special about it? I really don’t know. What’s special about any chat room, for that matter? Come by and see for yourself.
With that, I leave you with a classic quote from bash.org:
<Sonium> someone speak python here?
<lucky> HHHHHSSSSSHSSS
<lucky> SSSSS
<Sonium> the programming language
30 Mar 22:49
ey! Look for patterns
by /u/LiveOverflow
 |
submitted by /u/LiveOverflow to r/LiveOverflow [link] [comments] |
26 Mar 14:29
Connecting two PCs with audio cables is something I wanted to do for a long long time - it's a pretty simple yet interesting project touching a little on the subjects of signal processing and how to actually hook something into the operating system's TCP/IP stack. Don't expect blazing speed and low latency, but it should be fun anyway.
When: Wednesday (28.03 8PM CEST)
Where: https://www.youtube.com/c/GynvaelEN
What to expect: Very simple signal processing, Python programming, a negligible amount of electronic circuits, IRC over audio cables if everything works out fine.
See you Thursday!
Livestream: 28.03 8PM CEST - Soundcard networking
Connecting two PCs with audio cables is something I wanted to do for a long long time - it's a pretty simple yet interesting project touching a little on the subjects of signal processing and how to actually hook something into the operating system's TCP/IP stack. Don't expect blazing speed and low latency, but it should be fun anyway.
When: Wednesday (28.03 8PM CEST)
Where: https://www.youtube.com/c/GynvaelEN
What to expect: Very simple signal processing, Python programming, a negligible amount of electronic circuits, IRC over audio cables if everything works out fine.
See you Thursday!
23 Mar 20:21
Zero to OSCP in 292 Days... or How I Accidentally the Whole Thing - Part 2
by /u/Chazb0t