
From CTF to CVE: How Application of Concepts and Persistence Led to a Vulnerability Disclosure

As an industry, we are always looking for ways to sharpen our skills. We have education, certifications, and mentorship programs. A staple at Defcon, as well as most other conferences, is the Capture the Flag (CTF) competition. As a blue teamer, in an effort to sharpen my skills, I started downloading CTF VMs and working through them. For more applicability, I started applying these concepts to things outside the CTF for bug bounties, but to no avail. As luck would have it, I left Burp on and logged in to configure my lab wireless router to use for testing and learning wireless hacking. While the antennae that I bought to attack wireless were being used, they weren’t being used in the same sense of attack. I logged into the router and noticed several vulnerabilities in the router’s authentication scheme. This presentation breaks down the concepts of the CTF and how I applied them through the research and responsible disclosure process.
