Regular expressions have a reputation for looking like an unintelligible mishmash of random symbols. While it's true that most regular expressions tend toward this form, they don't have to: it's possible to write an elegant regular expression. Background If you're already familiar with the basics of regular expressions, you can skip this section. In their … Continue reading Writing Elegant Regular Expressions
Some logs are simple and small enough to process with common spreadsheet software like Excel and Google Sheets. While this particular access log is both simple and small enough that it could probably be coerced into a spreadsheet, that usually isn't a viable solution for access logs in the real world. Web servers often receive … Continue reading Summer Camp 2020 – Log Analysis
Prerequisites You should have already read the previous guide, Breaking Web Applications for Beginners. Even if you're not a beginner, you should at least skim that guide.You should be at the point where you're able to get through the reconnaissance and identification phases quickly for all but the toughest challenges. Overcoming hurdles as an experienced … Continue reading Advanced Tips on Web Application Hacking
The story so far:In the beginning the Internet was created—without any security. This has resulted in countless headaches and been widely regarded as a bad move. ― Douglas Adams (mostly) Prerequisites While this guide doesn't require extensive web development knowledge, it does require a basic understanding of HTTP. In particular: You'll need to know how … Continue reading Breaking Web Applications for Beginners
Humans are bad at passwords. It's true. We're terrible at making them, we're terrible at remembering them, and we're terrible at assessing their quality. It's difficult to emphasize just how terrible we are without demonstrating just how easy they are to break—so that's exactly what we're going to do.
Network traffic analysis can be overwhelming. Even with a solid foundation, it's not unusual for a packet capture to contain so much data that it's difficult to get a sense for what's going on. Improving your analysis techniques can mean the difference between wasting hours on a challenge and solving it in five minutes. Prerequisites … Continue reading Secret Information in Network Traffic Logs: NTA for NCL
Not to be confused with open source software, open source intelligence, often abbreviated OSINT (and not OSI), is the practice of gathering and analyzing information from public sources. This is not to be confused with OSI (which is the Open Systems Interconnection model for networking). Not that many people confuse this. It's mostly just Kait … Continue reading Open Source Intelligence for the National Cyber League Games