Kioptrix

I’ve been away from this blog for a while now, with good reason.  Been hammering at Offensive-Security’s CTP course for the last month and a bit.  Although my official results aren’t in, the experience was incredible.  The PWB course showed just how broken the Internet is, CTP only solidified that reality for me.

CTP is geared towards learning, and thinking in a whole different way (as opposed to PWB).   From start to finish, one needs to use his brain.  Think outside the box, and sometimes construct a new ones…  As with anything, difficulty is relative to one’s personal knowledge.

As far as certifications and training goes, nothing beats the hands on approach in my opinion.  Offsec once again delivers.  Not to put down the “multiple choice” exams out there (I also hold several of those), but material retention is greater when one needs to actually “do” rather then check choice “A”.

In the end, pass or fail, I’m closer to my goal… Know as much as I can.

Offensive Security’s How String Is Your Fu hacking event is now open for registration.
A 48 hour hacking event with all proceeds going for Hacker For Charity.
It’s for a good cause, and if you are not aware of this charity I strongly suggest you visit the above link and check it out.

It’s on 49$ USD and you’ll be going up against a very difficult network. If you don’t have the time, or feel your skills are not up
to the task. It’s ok, you can still donate a few bucks which will help out Johnny Long.

Have fun.

Well, I wrote this nice little article about taking an exploit and re-writing it as a MSF module.  Unfortunately, it’s really hard to import Word 2010 files to WordPress.  So easier for everyone if I just make it into a PDF file and made available for download.

It’s a very basic look at the process; Hope you enjoy it.. here it is.

Well, it’s been over a month since I haven’t posted anything here. Family life, work and studies have taken up most of my time. Once my daily chores completed I know longer have the energy to stay in front of the computer.  Recently I’ve been studying the MCTS for Exchange 2007.  Taking the exam in early June. I’m also starting Offsec’s second course, CTP and hoping to eventually add the OSCE next to OSCP.  Should be a tough one, but if I play my cards right all should be well.

I’m still testing for exploit-db, and keeping current (as much as I can) with all things ‘infosec’, but it’s difficult these days.  Summer means family outings, clean-up and a different work load at my current place of employment.  Rest assured, I will still be working on updating this blog… So all 2 of you reading will be fine

With CTP coming soon, I’ll need a place to write up my notes.  Same way I did for PWB (formally OffSec101), so lots of interesting snippets coming.  The VM project is on hold unfortunately.  Seeing I needed to switch to Hyper-V for work purposes, It’s difficult at the moment.

Other news, Hackfest.ca has released it’s pre-sales information for the upcoming convention in November. You can check them out here.  I’ll be attending for both days of course.

Have a good one people, wish me luck…

This past weekend’s CTF event hosted at the Sherbrooke University, and organized by the crew of HackUS.org was a complete success in my opinion. From the warm (and unexpected) welcome, right down to the ambiance and food provided. This being my first ever participation in this type of event, must say I wasn’t disappointed at all.

The battle ground HackUS provided us was exceptionally well made. All teams had lots of room to set up shop; we had meals provided for us during the whole event. Alcoholic beverages were available. As a whole, these guys organized one hell of a party. We had the standard CTF event, a Web CTF, some trivia/crypto puzzles to solve and web level-ups. Some reverse engineering, a botnet to analyze and in the end even a game of open-arena… It had everything for everyone. No complaints; nothing more was needed.

As for our performance, well didn’t fare to well compare to the other teams. 10 teams participated, and we finished 9^th overall. Still not bad for 2 guys looking to score at least 1 point… We got 60 in the end. I even got a bonus gift… An 85$ ticket for smoking near a public building.

Day 1:

We arrive at the hotel in Sherbrooke at around 15h00. After the 2 hour drive a well deserved shower is taken.
Then I decide to warm up for the upcoming activities.

All started with registration and the warm welcome (which gave me performance anxiety) from the HackUS crew. We were led to our table and then started to plug-in our gear. Seeing this was our first time at such an event we may have brought too much gear.

We’re given instructions on how things work, and we’re let loose on the network…
I of course, get another beer.

Day 2:

After 4 hours sleep, I drag my skinny a** out of bed and head back to face the war zone once more. After taking a wrong turn on the highway, I eventually got to Sherbrooke University campus.  Got a few points talked to some great people and more beer.

Day 3:

This one was rough. After two days away from home, I was starting to miss my own bed and pillow. We got a few more points in, but by this time we were out of ideas and stuck in 9^th place.

Around 15h00 that afternoon, it was the end. Prizes were given out, pictures were taken and hands were shaken. All of this with the presence of beer.

So as whole, this weekend was great. We now know what such an event looks and feels like. We’ll be better prepared for next year’s HackUS CTF.
Good job guys. You guys should be proud.