347 matches found
Trellix HAX 2023 Capture the Flag Results!
Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...
DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers And More From Text
DataSurgeon ds is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot...
Trellix HAX 2023 CTF Competition
Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag CTF competition! With 1...
Trellix HAX 2023 CTF Competition
Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag CTF competition! With 1...
Mellivora 跨站脚本漏洞
Mellivora is a CTF engine written in PHP by the individual developer Nakiami. A cross-site scripting vulnerability exists in Mellivora versions prior to 2.1.x. The vulnerability stems from an incorrect manipulation of a parameter that leads to a cross-site scripting vulnerability...
CVE-2022-4349
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2022-4349 CTF-hacker pwn delete.html cross-site request forgery
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
PT-2022-26941 · Unknown · Ctf-Hacker Pwn
Name of the Vulnerable Software and Affected Versions: CTF-hacker pwn affected versions not specified Description: A problematic vulnerability has been found in CTF-hacker pwn, affecting an unknown part of the file delete.html. The manipulation leads to cross-site request forgery, which can be...
CVE-2022-4349
CVE-2022-4349 corresponds to a CSRF vulnerability in CTF-hacker pwn, affecting an unknown part of delete.html. The issue allows remote initiation of cross-site request forgery, with public disclosure of the exploit. The available connected documents consistently mention CSRF in delete.html and do...
CVE-2022-4349 CTF-hacker pwn delete.html cross-site request forgery
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022
The week of Black Hat, DEF CON, and BSides is highly anticipated annual tradition for the cybersecurity community, a weeklong chance for security pros from all corners of the industry to meet in Las Vegas to talk shop and share what they've spent the last 12 months working on. But like many belov...
modDetective - Tool That Chronologizes Files Based On Modification Time In Order To Investigate Recent System Activity
modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in CTF's in order to pinpoint where escalation and attack vectors may exist. To see the tool in its most useful form, try running the command as...
Malicious code in esperamier-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52bfdf9444b341e41e024c45a5d5dc7dbf15553c8f3c3ca808ec74091bc85c63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2849 Malicious code in esperamier-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52bfdf9444b341e41e024c45a5d5dc7dbf15553c8f3c3ca808ec74091bc85c63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
libdtrace-ctf Required to Install Veeam Agent for Linux on Oracle Linux UEK
Challenge When installing Veeam Agent for Linux on Oracle Linux 6 or 7 with UEK kernel, the veeamsnap package fails to install with the following error: Error! Bad return status for module build on kernel: Consult /var/lib/dkms/veeamsnap//build/make.log for more information. The make.log example...
Google kCTF Access Control Error Vulnerability
Google kCTF is a Kubernetes-based CTF competition infrastructure from Google Google. kCTF v1.6.0 prior to the release of Google kCTF has an access control error vulnerability, which stems from the existence of improper access control in the kctf cluster, which can be exploited by attackers to...
CVE-2022-31055
Summary: CVE-2022-31055 relates to Google kCTF, a Kubernetes-based CTF infrastructure. Several connected sources confirm that prior to version 1.6.0 the kCTF cluster set-src-ip-ranges feature was broken, effectively allowing traffic from any IP due to improper access control. The issue was patche...
CVE-2022-31055 Improper Access Control in kctf
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
Google kCTF 安全漏洞
Google kCTF is a Kubernetes-based CTF competition infrastructure from Google Google. kCTF v1.6.0 prior to the release of Google kCTF has an access control error vulnerability, which stems from the existence of improper access control in the kctf cluster, which can be exploited by attackers to...
PHDays 11: towards the Independence Era
Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event. Alternative video link for Russia: As I did last year, I want to start talking about this...