application security
57 TopicsAdvanced CTF Challenge: Serial Maze
Need hint on Serial Maze. Have gone through html & javascript, couldn't find the token. Using dirb found one endpoint "http://10.102.17.87/2257", its response "What a pickle... You need the secret to continue." No sure how to proceed form here. Thanks, Sabil28Views0likes3CommentsHalloween Labs - ideas, suggestions, wants 👻🎃🦇
What would you want to see from future Halloween labs? Did you really enjoy a particular aspect of previous years? Any technologies, themes, rewards you want to see? Want more Community content - webinars, events, media within the labs? 👻🎃🦇137Views3likes6CommentsRails: SQL Injection (Bugged?)
IDK what's going on with this lab but sometimes it tells me my code works sometimes it tells me it doesn't? The instructions tell you exactly what to do I follow those and it still claims it's insecure? Is there something else that needs to be done with this? I can post the code that I'm trying to submit if someone would like, but I was able to do all the ones before very easily and the one right after but this one either has something else that needs to be done that isn't clearly stated or it's bugged.Solved14Views1like1CommentYour first lab level 9
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest!. And it was the solution :). Good luck!357Views2likes10CommentsSnort Rules: Ep.7 – Lokibot Infection Traffic
I need help with the last question please. I tried so many rules and I am still getting it wrong 13-Create a Snort rule to detect this User-Agent string in the HTTP header for connections using port 49167, then submit the token. Tried this one which to me it should be able to work. alert tcp any any -> any 49167 (msg:"User-Agent match"; content:"Mozilla/4.08 (Charon; Inferno)"; sid:5000031;) alert tcp any any -> any 49167 (msg:"User-Agent Mozilla/4.08 (Charon; Inferno) detected"; content:"User-Agent: Mozilla/4.08 (Charon; Inferno)"; http_header; sid:5000020;)Solved49Views0likes2CommentsAWS Systems Manager: Demonstrate Your Skills
Hi. I'm trying to complete the final lab in the AWS Systems Manager: Demonstrate your skills lab. I'm trying to create an IAM policy as requested, but it isn't being accepted. Here is the question: And here is my policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": [ "arn:aws:s3:::arn:aws:s3:::aws-ssm-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::amazon-ssm-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::amazon-ssm-packages-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::aws-ssm-document-attachments-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::patch-baseline-snapshot-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::aws-quicksetup-patchpolicy-*/*", "arn:aws:s3:::arn:aws:s3:::metroliate-1c81a515/*" ] }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::arn:aws:s3:::metrolio-ssm-logs-74c21f24/*" }, { "Sid": "VisualEditor2", "Effect": "Allow", "Action": "s3:GetEncryptionConfiguration", "Resource": "arn:aws:s3:::arn:aws:s3:::metrolio-ssm-logs-74c21f24" } ] } Any help on what I'm doing wrong would be much appreciated.Solved37Views0likes2CommentsThoughts on AI-powered cyber tools...?
Hey everyone, I went to InfoSec in London recently, and it seemed like almost every stand had "AI" as a feature: AI-powered SIEMs, anomaly detection systems, etc. What's are people's opinions on all this marketing? Have you seen vast improvements in infosec systems with AI features, or do you think this is more the latest sales and fund-raising mechanism? Probably somewhere in between... I'd love to hear of any examples where you've had experience with new AI tools.20Views1like0Comments