alan

Not sure if you can see recent submission on iseclab’s wepawet site. Here’s another one work a look, use the search feature to grab more recently checked URLs

http://urlquery.net/search.php?q=.&type=string&start=2012-09-24&end=2012-09-26&max=50

You might need to sift through some of the lower repped results to get some obsfucated javascript. And…[Read more]

Thanks for this article. Interesting to see so much interest in Bristol, UK, not far from me!

Here’s a couple of links to some more material

Open University: http://www.open.edu/openlearn/body-mind/psychology

MIT Opencourseware: http://ocw.mit.edu/courses/brain-and-cognitive-sciences/

I’ll also be interested in seeing the reviews for this…[Read more]

Check out this list for some practice CTFs http://capture.thefl.ag/practice-ctf/

Looks like you probably just missed out on registering for the Mozilla CTF https://wiki.mozilla.org/Security/Events/CTF which would have been a good introduction since it’s aimed at less experienced people (at CTFs).

There are quite a few that go on, check the…[Read more]

Try adding a null character – test.php%00.jpg

Also check OWASP site https://www.owasp.org/index.php/Unrestricted_File_Upload for plenty more options I wouldn’t have immediately thought of, like using alternate data streams. 🙂

I obviously flicked through too quickly, here’s the holiday challenge link from the slides: Much like those previously seen featured on EH.net

http://pen-testing.sans.org/holiday-challenge

EDIT: Well that was fun, perhaps slightly easier that some previous challenges, have a go!

what about the jpg ones?

EDIT: sent you a pm

Are you sure this is the only answer? This article suggests there may be a hidden 4th challenge!

http://www.theregister.co.uk/2011/12/06/hidden_gchq_code_breaking_challenge/

Check the long list of them on here: http://www.jjtc.com/Steganography/tools.html

Good luck on becoming a cyber warrior, it’s a fun puzzle!

There’s also a security class from the same place.

“In this class you will learn how to design secure systems and write secure code. You will learn how to find vulnerabilities in code and how to design software systems that limit the impact of security vulnerabilities. We will focus on principles for building secure systems and give many real…[Read more]

Worked for me – HF5, I’d just delete and start SVN again.

Let me know what other tools you play with on the pandora.

Curious how you installed it, I did a while back with the SVN from secmaniac.com and it worked flawlessly on my pandora.

Giving it another try now to see if i get the same issue as you.

EDIT: This guy had the same error http://www.backtrack-linux.org/forums/backtrack-bugs/37042-social-engineering-toolkit-v1-2-error.html fix was svn…[Read more]

I think the EthicalHacker.net group discount code is Connect_EHN10, seems to work.

Click on the links to find out what those extra options give you

I’d want to take the exam after forking out for the course!

Interesting… I almost did something without realizing there was a related competition!

Good luck everyone, I’ve got Thomas’ other book and can say it was a great read.

EDIT: Removed

missing don in irc  :'(

I can’t help with GWAPT exam experience, but as Kris mentions, that books is a great resource.

you should check out OWASP broken web applications http://code.google.com/p/owaspbwa/ It has the apps you’ve listed aswell as some old versions of web apps that were vulnerable.

that last one is rad sil!

how’s about using a 2d barcode somewhere?

not sure this is going to solve this, but it mentions using print_line instead of puts in this doc:

http://www.metasploit.com/redmine/projects/framework/repository/revisions/9745/entry/HACKING

EDIT: that doesn’t work, totally wrong context!

put works as apollo says

Looks like someone solved the first cipher puzzle, wasn’t as simple as it may have seemed!

Phew – found & finished the real challenge 😀

write-ups online: http://www.information-security-training.com/news/hsiyf-2-for-charity-solutions/

Well, this was quite a tricky challenge, for me at least. I did manage to get one of the 5 machines, which was quite an easy linux stack bof for an app called vuln which they provided the source code for. I guarantee everyone on the scoreboard got that one!

Congrats to the winners!
See the scoreboard http://scoreboard.information-security-training…[Read more]