
SANS ISC: Starting the New Year on the right foot - SANS Internet Storm Center SANS ISC InfoSec Forums


Starting the New Year on the right foot

 

Kick off the New Year by solving a hands-on adventure to fire up any dulled brain cells, lulled into hibernation over the last few weeks’ festivities.
 
Ed Skoudis and Tim Medin created a fun, hands-on technical challenge providing a wonderful piece of learning and a number of marvellous trials in understanding and uncovering flaws in web applications. We, the defenders, need to understand the attackers' approaches in seeking chinks in web applications' armour and manipulating flaws, misconfiguration and untested logic to their own ends; this mischievously engaging, and possibly enraging, puzzle helps build our skills.
 
Without further ado, leap forth and battle Mr Skoudis’ and Medin’s Holiday Challenge:
 
http://pen-testing.sans.org/holiday-challenge/2012
 
Not sure what tools to use to get started understanding the nooks and crannies of the web applications? The Samurai Web Testing Framework - a LiveCD focused on web application testing - by fellow ISC Handler Kevin Johnson is a perfect companion for this adventure.
 
Have fun learning and practicing!
 
Setting up WTF Samurai on VMware:
http://blog.taddong.com/2012/09/how-to-create-samuraiwtf-20-virtual.html
 
[1] WTF Samurai download http://sourceforge.net/projects/samurai/ 
PS: the password for WTF Samurai is samurai [2]
[2] In case you forget: http://www.whatisthesamuraipassword.com/
 

 

Chris Mohan --- Internet Storm Center Handler on Duty
