I’ve recently published all my writeups for CySCA 2015’s Web Pentest component as well as Corporate Pentest, however, Corporate Pentest is incomplete.

Corporate Pentest

Some writeups based on my experience during the competition. This was the first time I had ever experimented with corporate pentest style problems, hence why I did not get very far. I do, however, wish to share my experience.

  1. Danger Zone
  2. Sales Pitch
  3. Explain This: Sales Pitch
  4. Murphys Law
  5. Flash Flood

Web Applications Pentest

Whilst writing these writeups, I actually stepped through them using the CySCA 2015 challenges, rather than guessing them from the notes I had taken during the competition.

CySCA have yet to release a “CySCA In A Box” yet, so I thought, rather than just making the challenge work just for me, I thought it would be beneficial to create a Vagrant environment so that anyone can get the challenges up and running in no time at all.

Head on over to this repo/page on my github for instructions on getting set up.

  1. In Plain Sight
  2. Bots Dream Of Electric Flags
  3. The Eagle Has Landed
  4. Love Letters
  5. Business Excellence
  6. Turn It On And Off
  7. Terminal Situation

If you’ve got any questions, feel free to tweet me: @nickw444