Author: wwa

Write-up: Initial Access Pot

“We sell hundreds of DeceptiPots to the world every month, but we don’t even use them in our network. Show me the value of our product, test it well, and schedule the demo. Deadline – next Monday!”

This is the task Emily Ross received from the company CEO. As a newly hired junior IT personnel at DeceptiTech, Emily didn’t really know what to do but still decided to prepare for the demo: Configure DeceptiPot to replicate a corporate WordPress blog, deploy the machine in the corporate DMZ, expose it to the Internet, and see what it captures over the weekend. Little did she know, threat actors around the globe enjoyed testing the DeceptiPot, too! Can you find out how the attack on DeceptiTech started?

Write-up: The Sticker Shop

Your local sticker shop has finally developed its own webpage. They do not have too much experience regarding web development, so they decided to develop and host everything on the same computer that they use for browsing the internet and looking at customer feedback. Smart move!

Write-up: Injectics

Can you utilize your web pen-testing skills to safeguard the event from any injection attack?

Write-up: Whats Your Name?

Never click on links received from unknown sources. Can you capture the flags and get admin access to the web app?

This challenge will test client-side exploitation skills, from inspecting JavaScript to manipulating cookies to launching CSRF/XSS attacks.

Write-up: Biblioteca

Shhh. Be very very quiet, no shouting inside the biblioteca.

Write-up: Hammer

Use your exploitation skills to bypass authentication mechanisms on a website and get RCE.

Write-up: Extract

The librarian rushed some final changes to the web application before heading off on holiday. In the process, they accidentally left sensitive information behind! Your challenge is to find and exploit the vulnerabilities in the application to extract these secrets.

Write-up: InfinityShell

Cipher’s legion of bots has exploited a known vulnerability in our web application, leaving behind a dangerous web shell implant. Investigate the breach and trace the attacker’s footsteps!

Docker Context Issues in GitHub Actions

Building multiplatform Docker images in GitHub Actions often requires custom Docker daemon configurations, but these can introduce unexpected issues. This article explores a common pitfall with Docker contexts when using the containerd image store feature, particularly when running security scans with tools like Trivy. Learn how to extract and pass the correct Docker socket to ensure seamless integration and accurate vulnerability scans.

How to Configure Renovate to Update DevContainer Images

In this blog post, we explore the process of configuring Renovate to automatically update DevContainer images. Development containers offer lightweight, portable development environments, defined through a devcontainer.json file. However, manually updating image references within this file can be tedious and error-prone.

We delve into how Renovate, an automated dependency update tool, can be tailored to handle DevContainer files efficiently. By leveraging Renovate’s custom managers and flexible template system, developers can seamlessly manage DevContainer image updates, enhancing workflow efficiency and reducing manual overhead.

« Previous