Tips for Passing SANS GIAC Exams

Read the coursebook at least three times and make sure you understand every concept. Practically test and become skilful at executing the recommended tools and techniques in various scenarios and with various switches. Understand the purpose, practical usage and output of each tool and technique. There is no need to memorize switches; practical understanding is different from memorization. Being open-book doesn't mean the exam is extremely theoretical, and you won't literally have a lot of time to open the book to seek answers, so a thorough understanding of the coursebook is required. Roughly only around 30% of the questions might come straight from the coursebook; the rest were case studies that make you derive answers from given situations/screenshots. Subscribe to NetWars access: it saves you time troubleshooting never-tried-before tools and making things work as per the coursebook, so you absorb the material faster. From there, you can set up the tools in your wide array of VMs/test laptops. There…

Java: setCharacterEncoding NOT affected by HTTP Response Splitting

<%
    String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
    response.setCharacterEncoding(attacker_controlled_charset);
%>

Regular Expression Denial of Service - Java Demo | Practical Exploitation

[INFO] Executing Regular Expression check on AAAAAAAAAA
[RESULT] String did not match
[INFO] Ended Regular Expression...

Loose source checking - why referer bypass occurs

Insufficient checking is commonly the flaw that allows bypasses to happen.

This happens when programmers check only for "containment" (a prefix or substring match) rather than implementing a thorough check.

import java.io.IOException;

public class LooseSourceCheck {
    public static void showExample(String url) {
        try {
            // Prefix ("containment") check: any URL that begins with this string passes.
            if (url.startsWith("http://trustedsubdomain")) {
                System.out.print(String.format("Trusted subdomain: %s", url));
            } else {
                throw new IOException("Untrusted subdomain: " + url);
            }
        } catch (Exception ex) {
            // The exception is swallowed, so a rejected URL is never reported.
        }
    }
}

Secure:

public class StrictSourceCheck {
    public static void showExample() {
        try {
            String[] approved_hosts = { "", "", "", "" };
            String url = …
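The following is an added, self-contained example (not code from the original post) that puts the post's loose prefix check next to a strict check which parses the URL and compares the exact host against an allow-list. The allow-list entry and the sample URLs are constructed for the demonstration; the post's own approved hosts are elided.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public class SourceCheckComparison {
    // Hypothetical allow-list of exact hosts (the post's own list is elided).
    private static final Set<String> APPROVED_HOSTS = Set.of("trustedsubdomain.example.com");

    // Loose check from the post: a string-prefix ("containment") test on the raw URL.
    static boolean looseCheck(String url) {
        return url.startsWith("http://trustedsubdomain");
    }

    // Strict check: parse the URL, then require an allowed scheme and an exact
    // host match instead of matching a prefix of the raw string.
    static boolean strictCheck(String url) {
        try {
            URI uri = new URI(url);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null) {
                return false;
            }
            if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
                return false;
            }
            return APPROVED_HOSTS.contains(host.toLowerCase());
        } catch (URISyntaxException e) {
            return false; // unparseable input is rejected, not silently ignored
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate, two that only share the prefix.
        String[] samples = {
            "http://trustedsubdomain.example.com/login",
            "http://trustedsubdomain.example.com.other.example/login",
            "http://trustedsubdomainfoo.example/login"
        };
        for (String s : samples) {
            System.out.printf("%-55s loose=%-5b strict=%b%n", s, looseCheck(s), strictCheck(s));
        }
    }
}
```

Only the first sample passes the strict check; the loose check accepts all three because it never looks past the prefix.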

Base CTF 2016 Pwn Challenges and Writeup ( Part V )

Pwn06: Try Harder! by Ye Yint Min Thu Htut

Challenges Download: Solution:
Let's begin with the debugger.
Damn, he wanted “BABE”! ;) So, let's find the crash point and combine it into the final payload.

Done! :) Enjoy guys! Ye Yint Min Thu Htut

Base CTF 2016 Pwn Challenges and Writeup ( Part IV )

Pwn05: Talk another one ! by Ye Yint Min Thu Htut

Challenges Download: Solution:
It is a simple buffer overflow challenge. You have to find the crash point and the address of the function that prints the flag. Let's create a pattern to find the crash point the smart way.

Save as pwn. Run with the debugger and load the payload to get offset.

Then, let's explore the suspected function.

Got it at 0x0804846b!

Let's create the final payload to get the flag.

Pwned! :)
Enjoy guys! Ye Yint Min Thu Htut

Base CTF 2016 Pwn Challenges and Writeup ( Part III )

Pwn04: Bypass me ! by Ye Yint Min Thu Htut

Challenges Download: Solution:

For this challenge, you have to bypass ARP filtering to be granted access. Let's look for the authorized MAC address.

Found 00:0C:29:04:a1:a; you can fuzz [0 to F] for the last character and replace your existing MAC address with it.

Easy? :)
Cheers! Ye Yint Min Thu Htut