Since passing the eJPT exam at the end of January, I have been learning about application security from a combination of Tanya Janca’s book, “Alice and Bob Learn Application Security”, various blogs, and hands-on practice in my home lab. I highly recommend the book for anyone interested in application security / incorporating security early in the…
“Cryptographic Failures” is ranked #2 in the 2021 Open Web Application Security Project (OWASP) Top 10 Web App Security Risks. The 2017 list grouped cryptography-related weaknesses (CWEs), among others, under the category “Sensitive Data Exposure” (ranked #3 at the time). In the words of the OWASP authors, “A02:2021-Cryptographic Failures shifts up one position to…
Recently, I’ve been focusing on some courses on TryHackMe, but I saw that Stunsnroses recently made a challenge room called Hygiene that sounded interesting. You should check out Stunsnroses on YouTube as well. He has excellent videos that focus on very specific aspects of ethical hacking and the common tools that are used. This writeup will…
After SnykCon 2021’s “Fetch the Flag” CTF event, I was ready for more practice! I signed up for the SANS “Global Community CTF: BootUp”, which ran from 10/14/2021 @ 6pm to 10/16/2021 @ 6pm for a total of 48 hours. I wasn’t able to work on this one 24/7, but the long period of time…
I had the privilege of participating in SnykCon 2021’s “Fetch the Flag” CTF event, which was recently hosted by Snyk, a company that focuses on automatically finding and fixing security vulnerabilities in applications. The CTF lasted 10 hours, with teams of up to 5 allowed. This was my first live CTF event, and I chose…
This post is a continuation of “TryHackMe Writeup: Peak Hill – Part I”, where we found the first of two flags in this “pickle” (the Python module) themed CTF. The CTF is introduced in a bit more detail in Part I as well. In this part, we continue on to find the root flag by ‘pickling’…
After completing TryHackMe’s “Pickle Rick” CTF, I saw John Hammond’s writeup for it, which I learned a lot from. I also saw that he made a CTF room called “Peak Hill”, so I wanted to try it out. The subtitle for the CTF is “Exercises in Python library abuse and some exploitation techniques”, so I…
I recently completed TryHackMe’s Rick and Morty-themed capture the flag (CTF) called Pickle Rick. We need to find three different flags on a target web server, which contain the three ingredients needed to change Rick back into a human! There are some other great writeups for this CTF, which you can find at the…