from zero to zero day
play

From Zero to Zero-day How I became a hacker and why you should Carl - PowerPoint PPT Presentation

Mar 30, 2023 •157 likes •313 views

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com

  1. From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14

  2. Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com Twitter: @zetatwo 2 / 14

  3. Background Agenda 1. My journey 2. Capture the Flag, CTF 3. Bug Bounties 4. Case study: RCE in GitHub Enterprise 3 / 14

  4. Background My journey Computer games C++ @ 7 years old Web sites, PHP University, engineering physics AI was cool Computer science Exchange at EPFL in Lausanne IT Security Competitive programming 4 / 14

  5. Background Capture the Flag, CTF CTF Job fair Recruitment firm Interview, Bitsec Skill test - Play with HackingForSoju Recruited - Online & offline competitions Development: Like the gym but hacking Travels: Korea, Poland, Romania, Las Vegas Solo competitions 5 / 14

  6. Background What is CTF? CTF Challenges Web Cryptography Forensics Binary exploitation "pwning" Reverse Engineering Format Jeopardy Attack/Defense Solo vs team Local vs online 6 / 14

  7. Background Community participation CTF Social media Twitter Community /r/netsec Podcasts Säkerhetspodcasten Säkerhetssnack ... a billion more ... Events Conferences: SEC-T, Security Fest Meetups: OWASP, SEC-T Spring Pub 7 / 14

  8. Background Blogs & Talks CTF Hobby projects Motivation + Time Community Conference talks SEC-T Security Fest Streaming YouTube channel Collaboration with LiveOverflow Blog - https://zeta-two.com 8 / 14

  9. Background Bug Bounties CTF Limited success previously H1-702 2017 Community H1-702: Preparations H1-702: Las Vegas 9 / 14

  10. Background Act 1, the Orange saga CTF Reversed GitHub Enterprise obfuscation Found some nice bugs Community Made a blogpost "I want the same setup!" -@avlidienbrunn RCE in This obfuscation is intended to discourage GitHub Enterprise GitHub customers from making modifications to the VM. We know this 'encryption' is easily broken. 10 / 14

  11. Background Act 2, @avlidienbrunn CTF A lot of features Source code helps Community Integrations - SSRF HTTP: Protected XMPP is not HTTP RCE in GitHub <?xml version='1.0'?><stream:stream to=' payload_lowercased_goes_here ' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org 11 / 14

  12. Background Act 3, CTF meets real world CTF localhost:6379 - Redis Worker queue Community LUA "I recognize this" CTF! RCE in SSRF -> RCE GitHub eval "redis.call('lpush', 'resque:queue:low', '{\"class\":\"'..string.char(71)..'it'.. string.char(72)..'ub::'..string.char(74).. 'obs::'..string.char(85)..'ser'..string.char(83).. 'uspend\",\"args\":[10,\"n00b\"]}'`)" 0 eval "redis.call('lpush', 'resque:queue:low', '{\"class\":\"GitHub::Jobs::UserSuspend\", \"args\":[10,\"n00b\"]}')" 0 {"class":"GitHub::Jobs::UserSuspend","args":[10,"n00b"]} 12 / 14

  13. Background So, in summary... CTF Base: Solid programming foundation Community Curiosity Persistence Mix-in: RCE in Capture the Flag GitHub Community engagement A lot of time Result: Epilogue Hacker Useful skills Friends and network Great job opportunities 13 / 14

  14. Questions? 14 / 14

Recommend

More recommend