
From CTF to CVE: How Application of Concepts and Persistence Led to a Vulnerability Disclosure

As an industry, we are always looking for ways to sharpen our skills. We have education, certifications, and mentorship programs. A staple at Defcon, as well as most other conferences, is the Capture the Flag (CTF) competition. As a blue teamer, in an effort to sharpen my skills, I started downloading CTF VMs and working through them. For more applicability, I started applying these concepts to things outside the CTF for bug bounties, but to no avail. As luck would have it, I left Burp on and logged in to configure my lab wireless router to use for testing and learning wireless hacking. While the antennae that I bought to attack wireless were being used, they weren’t being used in the same sense of attack. I logged into the router and noticed several vulnerabilities in the router’s authentication scheme. This presentation breaks down the concepts of the CTF and how I applied them through the research and responsible disclosure process.
