search
top

SANS 542 – Winning the CTF Event – Coinage

SANS 542 – Winning the CTF Event

I just finished taking the SANS 542 vLive class on Web Application Penetration testing. During the last week (week 6) of the course, we have a CTF (Capture The Flag) event, where you team up with other classmates to exploit systems in a special SANS virtualized environment.

In our event, it started off being a bit unfair where the team I was on had 1 other person with me. While, the team on the other end had 4 members, so it was a 4 vs. 2 battle for most of the CTF. SANS has a similar environment as to one you would see at SANS Netwars. There is an area to create a team name, see your team rank and scores, as well as questions that are asked to you.

In the event our team thepentestninjas won the event leading the other team by over 100 points. We compromised all of the servers on the network, and completed the Level 3 mark. We however, got the very last system with 1 minute to spare.

SANS now has started a new program where they give out special SANS coins to winners of these types of events.

What is a SANS Pentest Coin?

(more…)

Passing The GSEC Exam

Passing The GSEC Exam

So, I’ve officially nailed down another Information Security certificate. And, this time a certificate from the SANS Institute with their GIAC- GSEC certificate. I thought I’d make a post for other people that plan to challenge the exam, and share my own personal experience through it all.

Is it Right For Me ?

The big question would be why are you thinking of obtaining this certificate? Does your work require it? Are you new to the information security field and want a better foothold into the industry? Do you wish to gain more knowledge and/or a higher quality of training? If it’s any of those reasons apply to you, then I would definitely point you towards getting your GSEC certificate.

Preparing For The Exam

So some may ask how they can best prepare for the exam? (more…)

Why No Padlock?

SSL Scanning Websites

So today, I came across a website that does a quick SSL test on your website.

Anyone with a website should really be running this tool. I actually did find a few minor issues and was able to gather some info about it.

Our Results

Here is what we got for our results:

whynopadlock

whynopadlock

 

It’s looking good for us and especially since we have forced all our internal links to make use of HTTPS

I also wanted to list a bad result as shown below.

(more…)

top