Securing Web Apps 2020 CTF

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.

Scoreboard · Submit Flags

Scores from HOPE 2020

Scores 7-25-2020 Before HOPE

Burp, ZAP, & Postman

W 510: Intro to Burp  60
W 520: SAML  15
W 230: Manual Audit of Hackazon  20
W 530: Exploiting ECB Encryption  75
W 200: Google Cloud Linux Servers  15
ED 290: Desktop on a Cloud Linux Server  10
W 220: Zed Attack Proxy  20
W 300: Using an API with Postman  15
W 301: Using the Github API with Postman  10

Splunk & Suricata

W 201: Drupal and Splunk  20
W 202: Using Splunk with Suricata  20

Networking

H 410: Nmap  40
H 420: Wireshark  110
W 210: Shadowsocks Proxy  15

Splunk Boss of the SOC

Boss of the SOC v1: Threat Hunting with Splunk  325

Basic Defenses

W 10: Configuring an HTTPS Server  15
W 20: reCAPTCHA  15
W 30: CanaryTokens  5

Command Injection

OWASP Top Ten

H 110: Linux Journey  83
ED 102: Command Injection  60
ED 103: SQLI Challenges  185
ED 104: CMD Injection  40
ED 105: Server Side Template Injection (SSTI)  35
W 401: Command Injection on Salt  30
ED 106: PHP-FPM Command Injection  15

References

Living Off The Land Binaries and Scripts

Whole Class with More Videos

SOME USEFUL APPLICATION SECURITY RESOURCES

OWASP Top 10 TryHackMe

OWASP Juice Shop

Last updated 7-263-2020 12 pm