Presented by Paul
Follow me on Twitter
Useful Pages for the crypto challenges Dcode Dcode.fr is a really cool website with lots of different tools to help with decoding of various cryptography
CyberChef Cyberchef is a tool that you can use to encode and decode things into all sorts of different formats, it’s a really great tool you should check it out!
There also seems to be a Twitter account that will post more clues
Presented by Tim
Follow me on Twitter
Soon …
Presented by Paul w
Follow me on Twitter
Introduction Tonight I thought I’d have a go at a box on VulnHub the box I picked was a fairly recent one as I wanted to ease myself back into doing some CTFs - I’ve been a bit busy doing other things recently - anyway I chose the box Bob:1.0.1 it sounded fairly simple:
“Your Goal is to get the flag in / Hints: Remember to look for hidden info/files”
Written by Rob (@iamrastating)
Challenge: “Express” Checkout Description It took a lot of courage but our great team accomplished the unthinkable. We are happy to announce a fantastic new express checkout experience. Our customers are going to love it! This new workflow has your items delivered to someone else in no time flat!
Categories Web
Points 50
Solution Viewing the customer listing revealed e-mail addresses of all customers. The challenge was solved by enumerating all e-mail addresses to find one which could be used on the checkout page for dandelions.
Presented by Tim
Follow me on Twitter
Introduction This is a follow up article to Paul W’s write-up about m1con’s mobile ctf. In the article, Paul mentioned Cyberchef, and it was a quick way of solving the challenge.
Since Cyberchef wasn’t covered, and may provide a quicker solution for future ctf challenges, I decided to describe it here.
What is CyberChef? CyberChef was developed by GCHQ to quickly perform certain operations on inputs.
Presented by Paul w
Follow me on Twitter
Introduction Last night I went to the meetup group “M1 Con” hosted by Digital Interruption and Outsource UK Ltd.
Jay Harris gave a talk about mobile security - it wasn’t super technical, but it highlighted the fact that clearly security is still a bit of an after thought especially when it comes to mobile development - he cited examples of issues that crop up in mobile devices that were fixed in web apps (XSS vulnerabilities for example) long ago.
Written by Rob
The ASIS CTF 2017 finals were our first CTF as a team (on short notice too!). We managed to complete five of the challenges in total, which ranked us in 98th place out of 590 teams overall, and the highest ranked team in the UK.
Challenge: V.I.R Description Rules are always broken, but not this time!
Categories Warm-up
Solver(s) @Odin_The_Mighty
Solution The flag for this challenge was simply a case of heading over to the rules page, and finding it.
Written by Rob
Challenge: Trust Description I’d like to file a complaint about your website, it doesn’t work correctly.
Categories Web
Points 50
Solution Viewing the page showed a message which seemingly contained the flag:
Most doggos have 4 legs Many doggos have collars with their name or ID number on a tag. The most common tag number is, MCA{C0PYING_1z_d@ng3r0us}. no one really knows why this is such a popular number Doggos make good friends
Presented by: Tom
A talk by one of our members on the common tools and techniques used to break into a server, starting from enumeration and going to full exploitation.
For anyone wanting to play along, please bring a laptop with Kali installed (a virtual machine is okay - make sure you have the latest version of wpscan by running the command “wpscan –update”) as well as a copy of this vm