Write-up for hxp 2020 CTF challenges

There are two parts to this post
1. Initial Setup
2. Challenge Solution

If you are looking for hands-on approach rather then just reading the solution then I would suggest you to go through the initial setup first. There are no spoilers about the challenge in the initial setup.

Initial Setup

Firstly I would suggest you to download the CTF challenge’s source code. The CTF website doesn’t currently host the challenges but nevertheless the website provides links to download the source code for the challenge they hosted. …


How could such a solution come to existence? What could be the business models of such future security?

Anti-Virus and Anti-Malware could be provided soon as a solution from the OEM or third party vendors for the Connected cars, devices and homes of the future.

Content:

  1. Solution Providers
  2. Business Models
  3. Solution Requirements
  4. Market and Customers
  5. Solution Prerequisite

Solution Providers:

  1. OEMs
  2. Third-party Vendors
  3. Open-source community

Business Models:

  1. Paid — It could be One-time or yearly or monthly Subscription
    Vendors or EMS can charge a one-time fee at the time of purchase from the customer to provide these solutions. They can have an add-on or subscription model

Quick notes on Azure Blueprints | Az-500 series

Overview:

  1. Defining standard resources with Azure Blueprints
  2. Difference between Azure Blueprints and Azure Resource Manager Templates
  3. Difference between Azure Blueprints and Azure Resource Manager Templates

Defining standard resources with Azure Blueprints

Adhering to security or compliance requirements, whether government or industry requirements, can be difficult and time-consuming. To help you with auditing, traceability, and compliance of your deployments, use Azure Blueprint artifacts and tools.

Azure Blueprints is a declarative way to orchestrate the deployment of various resource templates and other artifacts, such as:

  • Role assignments
  • Policy assignments
  • Azure Resource Manager templates
  • Resource groups

Just as a blueprint allows…


Notes on Azure AD connect and it’s services | Az-500 series

A generic depiction of Azure AD Connect data flow

What’s Azure AD connect?

Azure AD Connect is a software tool which is to be downloaded on the on-premise server. This software tool helps the Azure AD service sync the user identities from the on-premise AD. This way one can have consistency in the user manged both on on-premise and on cloud. The tool has various features and supports AD federated Services as well.

What does Azure AD connect provide?

  1. Synchronization services
  2. Active Directory Federation Services
  3. Health Monitoring

Synchronization services: It provides users groups and other objects in on-premise AD (AD Domain Service) be synchronized with the Azure AD…


The near-future of Security in Big Data, Data science and Machine learning

Multiple parties are sharing data to find results on the data collectively acquired

Definition:

Secure Multi-Party Computation (SMPC) is a sub-field of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private.

Unlike traditional cryptographic tasks, where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants, the cryptography in this model protects participants’ privacy from each other.

In layman’s terms

With the help of Secure Multi-Party Computation, individual data shared by each party will not be readable by anyone in the consortium. …


Understanding what it is.

What is Port knocking?

Port knocking is a clever way to obscure the services and ports of a system. The very foundation of this technique took place on the fact that only open ports can cause security problems. So, this technique makes sure that none of the port is open initially. Now, one would ask, if there are no ports open then how would communication take place? Well, the answer lies in the capability to secretly knock a combination of fixed ports.

For example, if I want to connect via SSH to a server, I could build a backdoor on…


Secure Coding, the pillars for Ivory Tower of Security

Secure Coding: It is a practice of implementing the product designed without any bugs or vulnerabilities in code.

Secure coding could be put in action through various forms:

  1. Tweaking the compiler in the development to flag the warnings as errors.
  2. Peer-Code review.
  3. Automate testing of the code on boundary conditions.
  4. Use libraries which been tested for vulnerabilities.
  5. Enlightening the Developer on how critical is secure coding.

What should be the mind-set of the developer for secure coding?

The developer should be familiar with the best practices of secure coding and also the security functions available in a language-framework he/she is…


A fitness app revealed the secret military bases around the world

Strava’s Global Heat Map

Strava a popular Fitness tracking app got into headlines in 2018 for putting out a publicly accessible heat-map of their users, which upon careful examining could potentially leak information about the secret military base around the globe.

I know many of you might be thinking — Like what??

Yeah, with the growing trend of data analytics has posed more threat what could be publicly exposed. Data analytics has shown that if one infers data in the right way he can get unexpected trends and results.

Anyone wearing a fitness…


Solutions for WE01, WM03 and WH03

WE01:

Basic Directory traversal

Upon opening the webpage I see a nearly empty page, HTML, JS.


Solving the Google CTF challenge with just the Browser’s developer tools

Background:

BNV challenge from 2019 is the very first CTF challenge I had ever tried out after having a fair amount of experience in Information Security. This challenge was vital for me, as it was my first Hands-on experience.

After looking around to choose a CTF to start, the obvious choice for a naive guy would be to go with Google CTF, the CTF has concluded, but the challenge is still available for anybody to solve.

By default, the challenge is a redirect to Web-based challenges, and BNV was right…

Pranava K.V

Background: Graduate from IIT long back | Hobbies: Exploring tech, blogging, enjoying science and art | Free time activities: Watching F1, Cricket and Anime

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store