Stay at 127.0.0.1. Wear a 255.255.255.0.
Write-up: Lockdown
Write-up: Initial Access Pot
“We sell hundreds of DeceptiPots to the world every month, but we don’t even use them in our network. Show me the value of our product, test it well, and schedule the demo. Deadline – next Monday!”
This is the task Emily Ross received from the company CEO. As a newly hired junior IT personnel at DeceptiTech, Emily didn’t really know what to do but still decided to prepare for the demo: Configure DeceptiPot to replicate a corporate WordPress blog, deploy the machine in the corporate DMZ, expose it to the Internet, and see what it captures over the weekend. Little did she know, threat actors around the globe enjoyed testing the DeceptiPot, too! Can you find out how the attack on DeceptiTech started?
Write-up: The Sticker Shop
Your local sticker shop has finally developed its own webpage. They do not have too much experience regarding web development, so they decided to develop and host everything on the same computer that they use for browsing the internet and looking at customer feedback. Smart move!
Write-up: Injectics
Can you utilize your web pen-testing skills to safeguard the event from any injection attack?
Write-up: Whats Your Name?
Never click on links received from unknown sources. Can you capture the flags and get admin access to the web app?
This challenge will test client-side exploitation skills, from inspecting JavaScript to manipulating cookies to launching CSRF/XSS attacks.
Write-up: Biblioteca
Shhh. Be very very quiet, no shouting inside the biblioteca.
Write-up: Hammer
Use your exploitation skills to bypass authentication mechanisms on a website and get RCE.
Write-up: Extract
The librarian rushed some final changes to the web application before heading off on holiday. In the process, they accidentally left sensitive information behind! Your challenge is to find and exploit the vulnerabilities in the application to extract these secrets.
Write-up: InfinityShell
Cipher’s legion of bots has exploited a known vulnerability in our web application, leaving behind a dangerous web shell implant. Investigate the breach and trace the attacker’s footsteps!
Docker Context Issues in GitHub Actions
Building multiplatform Docker images in GitHub Actions often requires custom Docker daemon configurations, but these can introduce unexpected issues. This article explores a common pitfall with Docker contexts when using the containerd image store feature, particularly when running security scans with tools like Trivy. Learn how to extract and pass the correct Docker socket to ensure seamless integration and accurate vulnerability scans.