04/27/2020

This blogpost is a work of extensive full-time research using publicly available sources of information. I do not have any insider information, therefore I am limited to Open Source Intelligence. That said, even with a limited number of sources, there is too much information on the topic and it’s impossible to include all of it without making the blogpost impossibly long. I tried to condense the material as much as I could and provide as many references as I could, so that you could all examine the information I used to draw conclusions, if you would like to. Many of the sources I list are in Russian, but you should still be able to examine most of them with Google’s page translation. Please report any broken links and I’ll do my best to fix them.
TG:HACK CTF 2020 has been very interesting and intellectually challenging. It made me bang my head on the desk repeatedly in the hopes of numbing the pain of not being able to solve some of the challenges. In the end, I managed to figure out all but two of the hardest challenges. My writeups are intended to cover the whole process of solving a challenge, so if you don’t want a detailed explanation, just scroll to the payloads.
VolgaCTF 2020 was a pleasant surprise to me as a fan of web application challenges. College and work had taken away my free time to do CTFs, so coming into these challenges I was extremely rusty. Thankfully it was engaging enough for me to stick around for the whole duration of the CTF and I enjoyed “Library” in particular. As always with my writeups, I’ll try to not just provide the payloads you need, but the logic behind them and how the vulnerabilities were discovered. The challenge started off a bit rough on Friday - people were bruteforcing the website so much, they caused a denial of service and it would refuse connections for half of the first day. Me being the dumbass that I am, I thought it was an error that’s part of the challenge, so I spent an unhealthy number of hours trying to get a hold of the token to authenticate. This writeup is intended for beginners, which I myself am, so if you don’t want a detailed explanation of steps, this writeup isn’t for you.
Less than a year after passing the Security+, I can finally proudly say that I passed CySA+ as well. I set my sights on this exam the same day I passed the Security+ and I focused on studying for it extensively over the past two months. I passed it with 845 out of 900 and was really surprised at how well it went despite the fact that CompTIA recommends you to have 3-4 years of technical experience minimum. I’ve got 0. I have no IT or Security work experience, but what I do have is determination and the will to succeed. If such an underqualified 20-year-old could pass this exam thanks to those two things, you can as well. The purpose of this blogpost is to share some of the things I found helpful during my studies for it. I explored a diverse range of study materials and I will tell you which ones worked for me and which ones didn’t.
Security+ is an industry standard certification that is very popular and held in high regard. CompTIA recommends you to have a Network+ level of knowledge combined with two years of IT administration experience with a focus in Security before you go for this exam, but that is nothing more than a recommendation. You can easily pass this exam with no IT work experience and without a Network+ behind you. I did and so can you. I initially passed this exam in December of 2018, but over time I realized that my tips and tricks were too surface-level, so I rewrote my blogpost entirely with extra information for you. I hope you find it at least remotely useful.