Monthly Archive for July, 2008

CSAW 2008

Published on July 23, 2008 in Conferences, Events and Press Release. 1 Comment

ISIS Lab is organizing NYU-Poly’s 5th annual Cyber Security Awareness Week (CSAW) where students can compete and win prizes in a variety of information security challenges. There will be door prizes, raffles for participating, and bonus prizes for undergrad and high school participants. Qualified finalists will receive a travel scholarship to attend the awards ceremony in New York City.

Our website with descriptions of the contests as well as winning entries from previous years is located here: http://isis.poly.edu/csaw

Also to note: many of the makers and hardware hackers in this crowd will be happy to know that we have a new embedded systems challenge this year. Check it out!

I won HOPE/Packetwars CTF!

Published on July 21, 2008 in CTF, Conferences, ISIS in the News and Press Release. 2 Comments

Of all the things that happened this weekend, I didn’t expect this! I registered but I probably wouldn’t have played if Tom Brennan hadn’t frantically raced up to me at about 6:30 on Friday to tell me that I had to =). Thanks Tom!

I’ll talk about some of the challenges I went through, but if you’re really interested in these kinds of things you should compete in one of the capture the flag competitions that I developed for these upcoming events:

  • NYU-Poly’s Cyber Security Awareness Week – A yearly event for students that our lab puts on. Compete in 7 different information security competitions for prizes! If you win, we’ll pay for you to come to NYC and collect your prize!
  • OWASP AppSec NYC – A 2-day web application security conference taking place downtown this September. There will be a web capture the flag contest, also with prizes. Everyone is welcome to play and challenges will be accessible to beginners and experts alike!

Now about HOPE/Packetwars CTF… Continue reading ‘I won HOPE/Packetwars CTF!’

Events this week

Published on July 15, 2008 in Events. 0 Comments

Tuesday (Tonight) – NYSEC at Pound and Pence

Wednesday night – InfoSec study time at ISIS Lab. I’m going to be working on a paper on Web Authentication.

Friday-Sunday – The Last HOPE at the Hotel Pennsylvania. Only $80 at the door! We’ll have a booth in the vendor area, come say hi!

Security Meetup 07/09 Cancelled

Published on July 7, 2008 in Uncategorized. 0 Comments

I’m going on a date to the Chelsea Art Museum’s Young Associates Party. :-P

ratproxy 1.51 tutorial

Published on July 5, 2008 in Web. 16 Comments

Ratproxy is a [mostly] passive web vulnerability scanner that Michal Zalewski released a few days ago. Set ratproxy to proxy your web browser and go surf! When you’re done, run a shell script and out pops a clear report of all the vulnerabilities ratproxy thinks it saw.

I’ve played around with ratproxy the past few days and used it to find vulnerabilities in some major websites. Here is a short cheatsheet I wrote up, an example report file and what it means, and a quick look into the source code of ratproxy.

Continue reading ‘ratproxy 1.51 tutorial’