Written by Gábor Pék
Summer had just started in 2011 when Gábor Pék, Buherátor and Bencsáth Boldizsár (aka “Boldi”) decided to do some nice hacking instead of splashing in Lake Balaton all summer long. The annual international university hacking competition called iCTF was a big challenge with top competing teams. These guys needed to pull up their socks to have a chance.
The guys were not new to hacking, but they had never considered competing before. They were typical self-taught hackers who read blogs and hacker news and had never learnt hacking in the classroom. They wanted to get better, so they assembled a cherry-picked list of security topics to practice for the competition.
- Basic hacking tools: Nessus, Nmap, Nikto, DirBuster, Acunetix
- Operating system tools: bash, Perl, Python, Process Explorer, Sysinternals tools
- Web hacking magic: SQL injection, XSS, CSRF, cookie jacking, session hijacking
- Memory-based vulnerabilities: ROP, BOF, format string
- Hacks of the year: Sony, Anonymous, LulzSec
- Targeted attacks and APTs (advanced persistent threats)
- Malware disassembly
- Forensics: Volatility
- Network handling: proxy, channeling
- Certificates, OTP
- Social network hacks: spear phishing, social spam
- Google hack DB
Most people were enjoying their vacation, but a small group of motivated students joined the effort. By September, the guys held regular meetings on Thursdays, rigorously reviewing tools and hacks (with the help of some pizza and beer). The days of the iCTF 2011 competition came, and the team, named Team.iCTF.CrySyS.A, finished 36th.
I think this was the beginning of a beautiful friendship!
How did we get from this first CTF competition to competing twice at the DefCon finals? We will tell you in the next post.
In the meantime, we are creating awesome tutorial challenges for you to try some of these hacker tools. Check out the hacking tools in the list above and comment if you want to suggest some tools.