Not sure if you can see recent submission on iseclab's wepawet site. Here's another one work a look, use the search feature to grab more recently checked URLs

http://urlquery.net/search.php?q=.&type=string&start=2012-09-24&end=2012-09-26&max=50

You might need to sift through some of the lower repped results to get some obsfucated javascript. And they may still be up.

Congrats, enjoy your studies!

Thanks for this article. Interesting to see so much interest in Bristol, UK, not far from me!


Here's a couple of links to some more material

Open University: http://www.open.edu/openlearn/body-mind/psychology

MIT Opencourseware: http://ocw.mit.edu/courses/brain-and-cognitive-sciences/


I'll also be interested in seeing the reviews for this book - Human Compromise by Mike Murr http://www.syngress.com/hacking-and-penetration-testing/Human-Compromise/ (when it comes out in a few months), but obviously, buy Chris' book/course first

Check out this list for some practice CTFs http://capture.thefl.ag/practice-ctf/

Looks like you probably just missed out on registering for the Mozilla CTF https://wiki.mozilla.org/Security/Events/CTF which would have been a good introduction since it's aimed at less experienced people (at CTFs).

There are quite a few that go on, check the calendar on http://capture.thefl.ag

Try adding a null character - test.php%00.jpg

Also check OWASP site https://www.owasp.org/index.php/Unrestricted_File_Upload for plenty more options I wouldn't have immediately thought of, like using alternate data streams.

I obviously flicked through too quickly, here's the holiday challenge link from the slides: Much like those previously seen featured on EH.net

http://pen-testing.sans.org/holiday-challenge


EDIT: Well that was fun, perhaps slightly easier that some previous challenges, have a go!

I just came across Ed Skoudis' slides on the making of capture the flag games. It's quite interesting to flick through the slides and hopefully will inspire more people to create these types of games!

http://pen-testing.sans.org/blog/2011/12/10/sans-keynote-preso-put-your-game-face-on


slides: http://blogs.sans.org/pen-testing/files/2011/12/Put-Your-Game-Face-On-1.0.pdf

At the end of the slides there are links to a few different challenges, some have been featured on here! But you might have missed some.

I'll throw a quick link out for https://pwn0.com/ too. Just connect in with a machine and start trying to gain access to some of the pwn0bots. It's good fun, but don't forget to nail down the system you connect in with

what about the jpg ones?

EDIT: sent you a pm

Are you sure this is the only answer? This article suggests there may be a hidden 4th challenge!

http://www.theregister.co.uk/2011/12/06/hidden_gchq_code_breaking_challenge/

Check the long list of them on here: http://www.jjtc.com/Steganography/tools.html

Good luck on becoming a cyber warrior, it's a fun puzzle!

There's also a security class from the same place.

"In this class you will learn how to design secure systems and write secure code. You will learn how to find vulnerabilities in code and how to design software systems that limit the impact of security vulnerabilities. We will focus on principles for building secure systems and give many real world examples. In addition, the course will cover topics such as:

memory safety vulnerabilities,
techniques and tools for vulnerability detection,
sandboxing and isolation,
web security,
network security,
malware detection and defense, and
mobile platform security.

Course homework and labs will teach students how to find vulnerabilities and how to fix them. The labs are designed to help students practice the principles of secure system design."

http://www.security-class.org/

GCHQ are apparently looking to hire computer experts and have created a challenge. It doesn't look easy, but take a punt!

http://www.canyoucrackit.co.uk/

Worked for me - HF5, I'd just delete and start SVN again.

Let me know what other tools you play with on the pandora.

Curious how you installed it, I did a while back with the SVN from secmaniac.com and it worked flawlessly on my pandora.

Giving it another try now to see if i get the same issue as you.

EDIT: This guy had the same error http://www.backtrack-linux.org/forums/backtrack-bugs/37042-social-engineering-toolkit-v1-2-error.html fix was svn update

Something came up, will have to try this out later on.

I think the EthicalHacker.net group discount code is Connect_EHN10, seems to work.

Click on the links to find out what those extra options give you

I'd want to take the exam after forking out for the course!

Interesting... I almost did something without realizing there was a related competition!

Good luck everyone, I've got Thomas' other book and can say it was a great read.

EDIT: Removed