HTB Funnel
$ nmap -v -sV -p- 10.129.74.179 --min-rate 5000
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-04 10:15 CET
NSE: Loaded 45 scripts for scanning.
Initiating Ping Scan at 10:15
Scanning 10.129.74.179 [2 ports]
Completed Ping Scan at 10:15, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:15
Completed Parallel DNS resolution of 1 host. at 10:15, 0.02s elapsed
Initiat
https://www.rffuste.com/2023/03/06/htb-funnel/
#CTFs #htb
I wanna be super #cereal for a moment.
If you are engaging or competing in #ctfs like the ones run by @RealTryHackMe - then pay attention to this.
I totally and absolutely envy you.
I cannot focus long enough to write this toot, much less to do a full on exercise like capture the flags usually requires. #ADHDtax
Burp Suite Academy Lab – Reflected XSS into attribute with angle brackets HTML-encoded
This lab contains a reflected cross-site scripting vulnerability in the search blog functionality where angle brackets are HTML-encoded. To solve this lab, perform a cross-site scripting attack that injects an attribute and calls the alert function.
https://www.rffuste.com/2023/02/06/burp-suite-academy-lab-reflected-xss-into-attribute-with-angle-brackets-html-encoded/
#CTFs #burpSuiteAcademy
BurpSuite Lab – DOM XSS in jQuery selector sink using a hashchange event
This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery's $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.
To solve the lab, deliver an exploit to the victim that ca
https://www.rffuste.com/2023/01/16/burpsuite-lab-dom-xss-in-jquery-selector-sink-using-a-hashchange-event/
#CTFs #burpSuiteAcademy
BurpSuite Lab – DOM XSS in jQuery anchor `href` attribute sink using `location.search` source
This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search.
To solve thi
https://www.rffuste.com/2023/01/09/burpsuite-lab-dom-xss-in-jquery-anchor-href-attribute-sink-using-location-search-source/
#CTFs #burpSuiteAcademy
I completed my weekend goal. 🥳🎉
Wreath from @RealTryHackMe has been successfully pwned! It was a huge room with various challenges. Learned a lot. It comes with a sweet badge too. https://tryhackme.com/Scott.Lang/badges/wreath #cybersecurity #tryhackme #wreath #infosec #av_exploitation #ctfs
BurpAcademy Lab – DOM XSS in innerHTML sink using source location.search
This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search.
To solve this lab, perform a cross-site scripting a
https://www.rffuste.com/2023/01/02/burpacademy-lab-dom-xss-in-innerhtml-sink-using-source-location-search/
#CTFs #burpSuiteAcademy
Burp Suite Academy lab – DOM XSS in document.write sink using source location.search
This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.searc
https://www.rffuste.com/2022/12/19/burp-suite-academy-lab-dom-xss-in-document-write-sink-using-source-location-search/
#CTFs #burpSuiteAcademy
HTB Synced
Today we return with a new one of the very easy HTB boxes to try to finish them all.
$ nmap -v -p- 10.129.228.37 --min-rate 5000
Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-04 11:01 CET
Initiating Ping Scan at 11:01
Scanning 10.129.228.37 [2 ports]
Completed Ping Scan at 11:01, 0.12s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:01
Completed Parallel DNS resolution of 1 host. at 1
https://www.rffuste.com/2022/12/05/htb-synced/
#CTFs #htb
Hello! This Post: A great fitness tracking app for the #WeHackHealth life.
As much as it's important for us as #defenders to read, learn, and practice #BlueTeam ; we also have to ensure that our bodies are in shape in order to endure and be resilient during those long #IR response engagements.
One of the ways I'm keeping track of my fitness / fitness related goals that I wanted to share with you is this site: https://www.fitocracy.com/
They help gamify your fitness with #worldofwarcraft style achievements, quests, and have a useable at the gym work-out tracking app.
That's all I got for now. I'm planning to start sharing walkthroughs of some of the #ctfs that I shared in a previous post. Deep diving into the MITRE ATT&CK framework, and more.
Thank you for reading.
-GK
Music for your Reading Ears: https://www.youtube.com/watch?v=JrO46CJd9ns
#fitness #WeHackHealth #metrics #persistence #resilience #BlueTeam
Well, mastodons of #malaga, I'm interested in doing some #ethicalhacking stuff with folks around Málaga (#CTFs, bug#bounty or similar) as a group, because everything is more fun that way. Anyone interested, or who knows someone who might be?
Octothorpe time! Here's many of my interests, but I'm always adding new ones:
#netsec #infosec #animals #hamradio #hardwarehacking #aerospace #baking #calligraphy #homesteading #SelfSufficiency #books #writing #solarpunk #chickens #cats #tea #malwareanalysis #CTFs #knitting #fiberarts #AIArt #manga #anime #japanese #French
If you're into any of this stuff, I post a lot of things related to these and lots of other weird stuff too. Hajimemashite!
If you enjoy cute #CTFs, this is a fun one! :hecked:
https://github.com/BlackwingHQ/FemtoCTF2021
On top of it, if you solve it you can apply to the position of security researcher currently open at Blackwing.
// h/t @x30n
One thing I recommend to a lot of people is PicoCTF and PicoGym. If you're new to #CTFs it's an awesome place to start; or if you're just new to #security in general.
Whether you are a cyber security professional, competitive #hacker or new to CTFs you will find interesting challenges in the picoGym that you can solve at your own pace.
Try it out! https://picoctf.org/index.html#picogym
A few years ago I had the privilege to shoot artist portraits of a dear friend of mine. Claudia, a.k.a. #crackthefiresister, is a true multi-talented wonder woman. She sings, paints, coaches vocalists, does poetry, art installations, band interviews, can do intense growls and shouts, and and and.
Here she is among some of her art installations.
#ctfs #singer #painter #artist #vocalcoach #metal #portrait #mastodonvienna #mastodonaustria #art #portraitphotography
On that note, participating in online #CTFs is a good way to learn and also find some new folks to talk to especially when you end up helping each other with hints etc if someone is stuck. #infosec
CTFs come and go all the time, just do a search for one online.
If you are interested also, here's an interesting GitHub on CTF writeups https://github.com/VulnHub/ctf-writeups