OWASP VicNum Project

Vicnum is a training game put out by OWASP. If you play the game the first page will ask you for your name. Enter anything then hit continue. I typed ‘Name’. You should be at this URL now:

Simple Intro to Interposition in C

This is a toy program that we want to monkeypatch. It really doesn’t do anything except call socket().

Beware: A New Approach To Cyber Security That's Not Safe For Coders

Hi there! So this post will be the first in a series that focuses on an interdisciplinary approach to cyber security- with an emphasis on finance.  The series of posts will address the growing evidence that security can only be achieved through a thorough, well-rounded understanding of all the issues that play a role in cyber security.  Thanks for reading, and I hope you enjoy!              

Gera's Insecure Programming Format String #1

A well-known set of vulnerable programs to practice exploitation can be found at gera’s insecure programming. I will go through several challenges over the coming weeks. Ideally, I want to complete them all. Let’s see how far I can go. In this post I will go over how to solve format string #1 (fs1.c).

HowTo: Metasploit Autopwn Quick Guide

  1. Run metasploit:

Weaponizing a XSS vulnerability.

In which we weaponize an XSS bug in Frog CMS 0.9.5

iCTF Overview

In early December, Poly’s Brooklynt Overflow participated in UCSB’s annual iCTF.