In this lesson we explain the importance of port scanning as the first step in the information gathering process. We demonstrate how to write a basic port scanner in Python and then go on to introduce Nmap, the industry-leading port scanning tool.
A basic introduction to buffer overflows. The download button will download a zipped file that includes the lesson PDF as well as several source files. These source files, as described in the write-up, range from a very simple buffer overflow example to a more advanced example that explains how to gain arbitrary code execution on the remote server.
The lesson explains, at a high level, the intricacies of the 802.11n standard and how to exploit PSK networks in order to brute force a user's password. Several other wireless topics, such as deauthentication, are also covered.
The first workshop in our workshop series, in which students are encouraged to find the three XSS vulnerabilities on our test website. The website was purposely built to be vulnerable, with one of each type of XSS vulnerability: stored, reflected, and DOM-based. To follow the workshop, visit youcanthack.me:1234 and follow the workshop PDF, which can be found both right here and on the vulnerable web page.
Summary of examples for solving common CTF pwn challenges.
Tools: pwntools, gdb, Ghidra, ROPgadget.
Topics: stack buffer overflow, format string, overwriting GOT, ROP.
Challenges taken from SunshineCTF2020 speedruns 00-17.
Prior to each week's lesson we aim to create a PDF which highlights the contents of that given
Said PDFs can be downloaded here on the day of the lesson. Click on the title to read a short description
of what is covered.