Codegate 2013 YUT Challenge: Forensics 100 Solution

Thanks to David, Kai, and Kevin for help with various phases of this challenge.

Padding Oracle Attack

Introduction:

HTTP Response Splitting

This blog post describes a lesser-known attack that targets HTTP headers and stems from improper input validation. It also describes how other attacks can be mounted using this mechanism.

Android Security 101 -- IG Learner(Part-3)

Please check the first part of this series on Android 101 if you want to see the necessary tools and how to prepare for the app assessment.

Android Security 101 -- IG Learner(Part-2)

Please check the first part of this series on Android 101 if you want to see the necessary tools and how to prepare for the app assessment.

Android Security 101 -- IG Learner

This app was released at this year’s Shmoocon’13 by Intrepidus Group. You can get the app from the Google Play store. As the name suggests, this is an Android security learner app; it contains deliberate vulnerabilities ranging from bad logging to intent manipulation. There will be a series of blog posts giving a walkthrough of each lesson.

29c3ctf - minesweeper

Challenge Overview

Escaping Python Sandboxes

Note: This is all written for Python 2.7.3. These details might be different in other versions of Python - especially 3+!