DEV Community

Cover image for Fun Infosec Writeups from GH
Rake
Rake

Posted on

Fun Infosec Writeups from GH

The Quest for Knowledge

Navigating the domain of information security can often feel like traversing through a maze. But resources like GuidedHacking.com are excellent at aggregating and presenting the best content for you. As hackers continually push the boundaries of what's achievable, it becomes paramount to stay updated with the latest vulns, exploits & more importantly how to defend against them. Here's a look at some interesting tutorials from GH.

CSCG PWN Challenge Writeup

Diving into the deep trenches of cybersecurity, it's crucial to analyze real-world challenges and their solutions to elevate our understanding. One such intriguing example is from the 2021 CSCG PWN Challenge Writeup. This post meticulously covers the key strategies employed to tackle this year's CSCG PWN challenge. With detailed steps and techniques, it presents a walk-through, illuminating the path for budding cybersecurity professionals to grasp the intricacies of PWN challenges.

Image description

Blockchain Security: An Ethernaut's Greeting

Blockchain has gone insane, it's EVERYWHERE! However, like any other technology, it's not immune to security vulnerabilities. To get a deeper insight into blockchain vulnerabilities, the article on Blockchain Security: Hello Ethernaut Walkthrough offers a comprehensive analysis. The write-up details a step-by-step process on how one can exploit vulnerabilities in Ethernaut, making it a must-read for software engineers who wish to secure their blockchain platforms.

Image description

SSTI: Server-Side Template Injection

Server-Side Template Injection, or SSTI, is an attack where an attacker can insert malicious code into a server-side template, resulting in arbitrary code execution. The post on SSTI elaborates on its potential hazards and how it works.

Image description

Attacking IPv4 & IPv6 Vulnerabilities

In the vast realm of networking, IP addresses play a pivotal role. IPv4 and IPv6 are the foundational pillars that support our global internet infrastructure. Yet, like most technologies, they aren't devoid of vulnerabilities. For those aiming to delve into the minutiae of IP vulnerabilities, this article on attacking both IPv4 and IPv6 vulnerabilities is an invaluable resource. It delineates the inherent weaknesses in both IP versions, offering methods and techniques for discovering and exploiting these soft spots.

Image description

All this and more at GuidedHacking.com

If this content interests you, be sure to check us out.

Here is a recent review we received from a customer:

As a professional Red Team operator GuidedHacking is an invaluable learning resource for me, and the skills learned hacking video games transfer over to my professional career nearly 1:1.

Take for example DLL Injection into into a process, something our malware does on a regular basis is to inject its code into the runtime of another program to gain access to its memory space and execution context allowing us to evade application allow listing or other forensics efforts.

Next being able to hook or call a function of the infected process something you might see in a trigger bot, could allow you to grab encrypted content without knowing the key or cracking the hash which is great for stealing credentials from running programs.

Then TTPs around evading anti-cheat software are very similar to evading EDR solutions (and generally anti-cheat is better implemented). So learning to identify what a trampoline in a kernel API looks like then restoring the original code can allow you to evade behavioral malware detection.

All that to say GuidedHacking provides invaluable learning resources for much cheaper than other technical resources. Not only for exploiting your favorite video games which makes the learning fun! It can also open doors to way more opportunities if you put the time and effort into learning and applying the content.

Top comments (0)