No Security

Recent Posts

  • January 17, 2021

    Global Collegiate Penetration Testing Competition

    The Collegiate Penetration Testing Competition is a one of a kind cybersecurity competition that trains students to be future consultants by letting them loose on a penetration testing engagement in a realistically simulated business environment. Teams of up to 6 students perform a penetration test against the fictitious business and document the findings in a penetration testing report.

  • April 27, 2020

    Russian Bot Operations and Origins

    This blogpost is a work of extensive full-time research using publicly available sources of information. I do not have any insider information, therefore I am limited to Open Source Intelligence. That said, even with a limited number of sources, there is too much information on the topic and it’s impossible to include all of it without making the blogpost impossibly long. I tried to condense the material as much as I could and provide as many references as I could, so that you could all examine the information I used to draw conclusions, if you would like to.

  • April 11, 2020

    TG:HACK CTF 2020 - Web

    TG:HACK CTF 2020 has been very interesting and intellectually challenging. It made me bang my head on the desk repeatedly in the hopes of numbing the pain of not being able to solve some of the challenges. In the end, I managed to figure out all but the two of the hardest challenges. My writeups are intended to cover the whole process of solving a challenge, so if you don’t want a detailed explanation, just scroll to the payloads.

  • March 29, 2020

    VolgaCTF 2020 - Library

    VolgaCTF 2020 was a pleasant surprise to me as a fan of web application challenges. College and work had taken away my free time to do CTF’s, so coming into these challenges I was extremely rusty. Thankfully it was engaging enough for me to stick around for the whole duration of the CTF and I enjoyed “Library” in particular. As always with my writeups, i’ll try to not just provide the payloads you need, but the logic behind them and how the vulnerabilities were discovered. The challenge started off a bit rough on Friday - people were bruteforcing the website so much, they caused a denial of service and it would refuse connections for half of the first day. Me being the dumbass that I am, thought it was an error that’s part of the challenge, so I spent an unhealthy number of hours trying to get a hold of the token to authenticate. This writeup is intended for beginners, which I myself am, so if you don’t want a detailed explanation of steps, this writeup isn’t for you.

  • September 25, 2019

    CySA+ Tips and Tricks

    Less than a year after passing the Security+, I can finally proudly say that I passed CySA+ as well. I set my sights on this exam the same day I passed the Security+ and I focused on studying for it extensively over the past two months. I passed it with 845 out of 900 and was really surprised at how well it went despite the fact that CompTIA recommends you to have 3-4 years of technical experience minimum. I’ve got 0. I have no IT or Security work experience, but what I do have is determination and the will to succeed. If such an underqualified 20 year old could pass this exam thanks to those two things, you can as well. The purpose of this blogpost is to share some of the things I found helpful during my studies for it. I explored a diverse range of study materials and I will tell you which ones worked for me and which ones didn’t.