Request a Demo Contact Us
Attending Black Hat USA 2022? Come visit us to grab swag, hear talks, and see live demos!
Learn more

From Ctf to Cve: How Application of Concepts and Persistence Led to a Vulnerability Disclosure

 

As an industry, we are always looking for ways to sharpen our skills. We have education, certifications, and mentorship programs. A staple at Defcon as well as most other conferences is the Capture the Flag (CTF) competitions. As a blue teamer, in an effort to sharpen my skills, I started downloading CTF VMs and working through them. For more applicability, I started applying these concepts to things outside the CTF for bug bounties, but to no avail. As luck would have it, I left Burp on and logged in to configure my lab wireless router to use for testing and learning wireless hacking. While the antennae that I bought to attack wireless were being used, they weren’t being used in the same sense of attack. I logged into the router and noticed several vulnerabilities in the router’s authentication scheme. This presentation breaks down the concepts of the CTF and how I applied them through the research and responsible disclosure process.

More resources

LevelUp

Code That Gets You PWN(S|’D)

Learn More
LevelUp

AEM hacker – Approaching Adobe Experience Manager Web Apps

Learn More
Webinar

What Security Leaders Should Know About Hackers

Watch Now

Get Started with Bugcrowd

Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.