The Ghost Operator's Signal
This is a 50 points task in PicoCTF to solve this puzzle. I have to admit that I sat on it for a while because I suspected a complex solution like using stenography or any other hidden clues in the image file. Finally I just sat down and it became obvious immediately.
Continue reading “PicoCTF: The Numbers [CTF Write Up]”
The PicoCTF web exploitation tasks are fun and you can learn a lot about the web and about the tools you can use as a white hat hacker or penetration tester. Knowing about the possible security issues can help you avoid them as well as a developer. Let’s see another web security challenge!
Continue reading “PicoCTF: Cookies [CTF Write Up]”
In the following CTF game the player looks into the HTTP communication and its request methods. It is a great opportunity to learn about what happens behind the scenes during loading a web page. The game is on PicoCTF.
Continue reading “PicoCTF: GET aHEAD [CTF Write Up]”
Have you ever thought about joining the forces of white hat hackers and penetration testers? Don’t you know where to start or how to practice some skills? Though capture the flag games, or CTFs in short, are not the most life-like situations, they can help you to build a way of thinking and to learn the basic tools. PicoCTF is a great site to start as a beginner.
Continue reading “PicoCTF: “where are the robots” [CTF Write Up]”In the ever-evolving landscape of cyber security, staying ahead of the curve is not just a preference but a necessity. Continuous learning and hands-on practice are crucial components of honing the skills required to defend againsTryHackMet the relentless onslaught of cyber threats. TryHackMe, a leading platform for cyber security education, has introduced an innovative and festive approach to learning with its Advent of Cyber series. This blog post explores the unique features that make TryHackMe’s Advent of Cyber a valuable resource for individuals seeking to enhance their cyber security prowess.
If you have been doing the TryHackMe Simple CTF challenge recently, you may have ran into the problem that the original exploit is written in Python 2 for Ubuntu 18.04. The script can be converted or rewritten to Python 3, but my Debian Bookworm attack box had issues running it and showing the result. I came up with a quick solution using docker.io.
Continue reading “TryHackMe | Simple CTF – Modern Solution (2023) Working Exploit With Docker.io”RootMe is a bite sized WEB upload form and Linux privilege escalation exercise.
Continue reading “TryHackMe | RootMe [CTF write-up]”Microsoft Active Directory can be found at every medium/large organization (99% according to the THM room). This is why it is a common target for black hats and other malicious actors. In the Attacktive Directory room we can learn a lot about targeting the services in an AD.
I use the THM in-browser Kali Linux for this task!
Continue reading “TryHackMe | Attacktive Directory [write-up]”In this room we practice to enumerate and exploit vulnerabilities on Linux servers.
Let’s walk through the Vulnversity room of tryhackme.com. This write-up is written for educational purposes. Please do not use it for cheating or skipping the tasks.
In this article I go through the OWASP Juice Shop room of tryhackme.com. This room is a practical review of the OWASP Top 10 vulnerabilities. This is a base security consideration for those who want to develop web applications.
Tom's IT Cafe 