Request a Demo Contact Us
Bugcrowd Named a Leader in GigaOm’s Pen Test as a Service Report
Read Now

From Ctf to Cve: How Application of Concepts and Persistence Led to a Vulnerability Disclosure

 

As an industry, we are always looking for ways to sharpen our skills. We have education, certifications, and mentorship programs. A staple at Defcon as well as most other conferences is the Capture the Flag (CTF) competitions. As a blue teamer, in an effort to sharpen my skills, I started downloading CTF VMs and working through them. For more applicability, I started applying these concepts to things outside the CTF for bug bounties, but to no avail. As luck would have it, I left Burp on and logged in to configure my lab wireless router to use for testing and learning wireless hacking. While the antennae that I bought to attack wireless were being used, they weren’t being used in the same sense of attack. I logged into the router and noticed several vulnerabilities in the router’s authentication scheme. This presentation breaks down the concepts of the CTF and how I applied them through the research and responsible disclosure process.

More resources

LevelUp

Reverse Engineering with Binary Ninja

Learn More
LevelUp

Hunting “ID Substitution” Attacks for Big Dollars with Z-winK

Learn More
Report

The State of Retail Cybersecurity

Read More

Get Started with Bugcrowd

Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.