[MISC] Kali Linux in 3 seconds with Docker

I’m sure you have already been in the same situation than me. You’re working at a client’s house for a penetration test, a tight time slot for your tests, no downtime. You arrive a little late in the morning (thanks to the strikes) and your virtual machine containing all your tools doesn’t want to start (I knew I shouldn’t have play with my bootloader yesterday night tss). No choice, you have to reinstall this machine.

[CERT] Post attack analyses ZedCorp Challenge - My name is Rookie

The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO. For this recap, I want to do some analyses on my challenge to know how challengers proceed to solve it. There is some fun facts :D You can read writeups here to understand the context :

[WEB] Bypass file upload filter with .htaccess

I think you know what I am talking about. The “file upload” vulnerability is familiar for you ? Nice. So you know how it could be difficult to bypass protection to upload a webshell. I will show you a little technique to add to your test when you are trying to exploit file upload :) This technique is inspired from the challenge l33t-hoster of the Insomni’hack Teaser 2019 CTF So follow the guide !