I’ve recently published all my writeups for CySCA 2015’s Web Pentest component as well as Corporate Pentest, however, Corporate Pentest is incomplete.
Some writeups based on my experience during the competition. This was the first time I had ever experimented with corporate pentest style problems, hence why I did not get very far. I do, however, wish to share my experience.
Web Applications Pentest
Whilst writing these writeups, I actually stepped through them using the CySCA 2015 challenges, rather than guessing them from the notes I had taken during the competition.
CySCA have yet to release a “CySCA In A Box” yet, so I thought, rather than just making the challenge work just for me, I thought it would be beneficial to create a Vagrant environment so that anyone can get the challenges up and running in no time at all.
Head on over to this repo/page on my github for instructions on getting set up.
- In Plain Sight
- Bots Dream Of Electric Flags
- The Eagle Has Landed
- Love Letters
- Business Excellence
- Turn It On And Off
- Terminal Situation
If you’ve got any questions, feel free to tweet me: @nickw444