1. The Abyss Writeup

    Introduction

    In TJCTF 2018's challenge "The Abyss", you are given access to a Python 2 interpreter with heavy restrictions on your input. If you enter a string in the blacklist, ie __ (double underscore), your command will not be executed. Additionally, some builtins have been removed, and it prevents …

  2. Chimay-Red

    This post outlines and presents the rediscovery, vulnerability analysis and exploitation of a zero-day vulnerability that was originally discovered and exploited by the CIA's "Engineering Development Group"; remotely targeting MikroTik's RouterOS embedded operating system that was discovered during the "Vault 7" leak via WikiLeaks in March of 2017.

    Brief History …

  3. Astana Myth - Part 1

    The Astana Challenge

    Concealed within the Book are secrets and mysteries (the “Clues”) that, once solved, reveal a hidden message (the “Solution”). The first person, or group of persons, (the “Sleuth”) to deduce the Solution in its exact …

  4. CTF Team as a Training Resource

    Five years ago, when we started Seekintoo, I never imagined we would be developing a rather extensive training program for on-boarding Threat Hunters and Penetration Testers. Well, we've been working on that for the past few months and I have some thoughts about the CTF participation that organically became a …

  5. LabyREnth 2017 - 3D Maze Writeup

    LabyREnth's second annual CTF's programming track contained an interesting challenge: solve a 3D maze that will attempt to "cheat".

    LabyREnth's Maze Challenge Introduction Inside The Maze

    I decided that there would be three steps to solving this: 1. Determine how the maze cheats 2. Write code to parse the server's output 3. Implement a pathfinding algorithm

    Determining …

  6. DIY Smart Home Security? Meh..

    Fueled by the rise of the Internet of Things, do it yourself alarm systems have become a multi-billion dollar industry that is increasingly disrupting traditional alarm companies share of the home security market. One area of concern with IoT is the security of these ubiquitous devices. So I thought it …

  7. Advanced DNS Analysis with ArcSight

    Mon 26 September 2016
    By Eric

    Entropy

    This is part one in a series of extending the functionality of ArcSight connectors to analyze DNS requests.

    DNS requests are a high-volume event source, but there is value in sending them to the SIEM beyond seeing which workstations are hitting giphy all day. Along the buzzwordy cyber kill …

  8. U of C Career Fair

    Seekintoo will be attending, for the first time ever, the University of Calgary's Science and Engineering Career Fair. We have a veteran technical recruiter signed up to help (Thank you Z!) as well as a few other super important staff popping in throughout the day. This year was very hectic …

Page 1 / 1