A recent engagement led me down a path to break a (very likely) homebrewed password hashing algorithm for a somewhat widely used application. There is a good reason for the old aphorism of “never roll your own (crypto)”. Secure hashing and encryption algorithms available today have undergone rigorous testing and scrutiny to prove and validate their security, and even then, with the best cryptographers performing analysis, new vulnerabilities keep coming to light that disprove the security of those algorithms over time. As much fun as it might be to make your own, there are plenty of reasons why this is a bad idea, especially if you are planning to implement it for applications or other purposes where security is critical.
2022-05-03 00:00:00 +0000
CrowdStrike held a really great CTF that just ended the other week, which incorporated a blend of reversing, binary exploitation, cryptography, and other skills over 12 different challenges with the goal to ‘catch’ three different adversary groups.
2021-01-29 00:00:00 +0000
The second Metasploit CTF of 2020 held by Rapid7 (I will still refer to the one held in January as the 2019 one though…) wrapped up today and my CTF team, Neutrino Cannon, managed to secure 1st place on the first day of the competition, finishing all 20 challenges. The Metasploit CTFs are always an event we look forward to as a team, and this year was once again an enjoyable and fun experience.
2020-12-07 00:00:00 +0000