Ctf

Capchan – Solving CAPTCHA with Image Classification

A few years ago, I tried my hand at the now-retired CAPTCHA Forest CTF, which was part of nullcon HackIM 2019. I wanted to solve it using computer vision and machine learning. This started me on a path of discovery and incremental improvements that finally resulted in capchan, a generic CAPTCHA-to-text tool. This post is broken into four parts: The first CTF, The second CTF, Neural…

Deck of Cards CTF

I created a small crypto-style CTF for Black Hat last year (we’re training again this year, check our courses out) and hid the starting point in an “easter egg” on a deck of cards. The deck of cards is a custom design by the SensePost training team, themed around hacking, and was handed out during the conference. This post covers how we built it, and how to…

Black Hat Card Deck CTF

In 2023 we, the training team within Orange Cyberdefense and specifically Ulrich Swart, Matthew Hughes and myself, attempted to do something a little different for Black Hat with regard to our in-class competition. Each year we give a select few students some swag for portraying the most “plakker” mindset, being active in class, or finding another method to solve the practical. The concept we decided to explore that year…

me vs request smugglingPOST

I’ve come to realise that I wasn’t the only one that has never actually exploited an HTTP Request Smuggling vulnerability, three years after James Kettle reminded the world of it. Like many, I’ve seen the buzz, read it all, thought I understood it, but honestly, I didn’t. While the potential impact sounds great from an attacker perspective, I’ve been mostly confused by a lot of it. That was until the…

sensecon 2021 – wargames edition

If last year taught us anything, it was that we can move quickly to organise a fully online hacker conference in little over a month. This year our annual, internal hacker conference ran from the 16th to the 18th of September, was attended by 102 hackers from 9 countries across 2 timezones, and was once again filled with epic hacks and laughs! In this post I’ll tell you more about…

Hack-From-Home Challenge Walk Through

On the 27th of April 2020 SensePost created a CTF challenge (https://challenge.sensepost.com) for the public. The names of those who managed to capture flags would be placed in a draw for a seat on one of SensePost’s upcoming training courses. The challenge was to grab as many of the four flags as you could. Each flag was harder to get than the previous. The challenge started with a simple engage…