Write-up for hxp 2020 CTF challenges
There are two parts to this post
1. Initial Setup
2. Challenge Solution
If you are looking for hands-on approach rather then just reading the solution then I would suggest you to go through the initial setup first. There are no spoilers about the challenge in the initial setup.
Firstly I would suggest you to download the CTF challenge’s source code. The CTF website doesn’t currently host the challenges but nevertheless the website provides links to download the source code for the challenge they hosted. …
How could such a solution come to existence? What could be the business models of such future security?
Anti-Virus and Anti-Malware could be provided soon as a solution from the OEM or third party vendors for the Connected cars, devices and homes of the future.
Quick notes on Azure Blueprints | Az-500 series
Adhering to security or compliance requirements, whether government or industry requirements, can be difficult and time-consuming. To help you with auditing, traceability, and compliance of your deployments, use Azure Blueprint artifacts and tools.
Azure Blueprints is a declarative way to orchestrate the deployment of various resource templates and other artifacts, such as:
Just as a blueprint allows…
Notes on Azure AD connect and it’s services | Az-500 series
Azure AD Connect is a software tool which is to be downloaded on the on-premise server. This software tool helps the Azure AD service sync the user identities from the on-premise AD. This way one can have consistency in the user manged both on on-premise and on cloud. The tool has various features and supports AD federated Services as well.
Synchronization services: It provides users groups and other objects in on-premise AD (AD Domain Service) be synchronized with the Azure AD…
The near-future of Security in Big Data, Data science and Machine learning
Secure Multi-Party Computation (SMPC) is a sub-field of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private.
Unlike traditional cryptographic tasks, where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants, the cryptography in this model protects participants’ privacy from each other.
With the help of Secure Multi-Party Computation, individual data shared by each party will not be readable by anyone in the consortium. …
Understanding what it is.
Port knocking is a clever way to obscure the services and ports of a system. The very foundation of this technique took place on the fact that only open ports can cause security problems. So, this technique makes sure that none of the port is open initially. Now, one would ask, if there are no ports open then how would communication take place? Well, the answer lies in the capability to secretly knock a combination of fixed ports.
For example, if I want to connect via SSH to a server, I could build a backdoor on…
Secure Coding: It is a practice of implementing the product designed without any bugs or vulnerabilities in code.
Secure coding could be put in action through various forms:
What should be the mind-set of the developer for secure coding?
The developer should be familiar with the best practices of secure coding and also the security functions available in a language-framework he/she is…
A fitness app revealed the secret military bases around the world
Strava a popular Fitness tracking app got into headlines in 2018 for putting out a publicly accessible heat-map of their users, which upon careful examining could potentially leak information about the secret military base around the globe.
I know many of you might be thinking — Like what??
Yeah, with the growing trend of data analytics has posed more threat what could be publicly exposed. Data analytics has shown that if one infers data in the right way he can get unexpected trends and results.
Anyone wearing a fitness…
Solving the Google CTF challenge with just the Browser’s developer tools
BNV challenge from 2019 is the very first CTF challenge I had ever tried out after having a fair amount of experience in Information Security. This challenge was vital for me, as it was my first Hands-on experience.
After looking around to choose a CTF to start, the obvious choice for a naive guy would be to go with Google CTF, the CTF has concluded, but the challenge is still available for anybody to solve.
By default, the challenge is a redirect to Web-based challenges, and BNV was right…