hack0r.net


Implementation Vulnerabilities and Detection Paper

Posted in Security,Webapp Security by n00k on the July 22nd, 2007

I totally forgot to put this one online. It is already half a year old and was the result of a seminar that took place in the winter term 2006/2007.

It discusses both web-application vulnerabilities, like XSS, CSRF, SQL injection and the like, and classical ones, like buffer overflows, format strings and dangling pointer references. Each vulnerability is explained first, and afterwards we describe protection mechanisms and the possible problems with them.

There is only one major drawback: the paper is in German, so you may not be able to read it. But take this as your chance to learn it. ;)


CIPHER 3 (aka germany - country of hackers)

Posted in Computer Related,Events,Security,Webapp Security by n00k on the July 14th, 2007

It has been a while since I made my last posting, but I hope I can add some content again in the near future.

On Thursday, 12.07.2007, CIPHER 3 took place and we, the CInsects, participated in it. For those among you who don't know what this is, here is a little summary of what a CTF is. I had more or less voluntarily agreed to set up our infrastructure, but, as it is in life, I hadn't as much time as I thought I would have. So partly because of that, and partly because we always seem to start a little confused, we started pretty slowly and ranked in the last few places. But as the end got closer, we slowly made our way towards the top. In the final spurt we wrote some obviously pretty good advisories, which brought us into the lead in the advisory section and lifted us to 4th position in the end. We were really excited about this result, since nobody bargained for such a good place after our muddled start.

The results and some statistics will be available next week on the CIPHER 3 homepage. Very interesting is the fact that the first 6 teams are from Germany. So Germany seems to be becoming the country of hackers … erm … I mean security experts ;). Well, possibly this is only because it is organized and held by a German team. Here is the final scoreboard. If you are interested in which team is from where and whom it represents, just compare the numbers with those on the CIPHER 3 homepage.

I want to thank Lexi and his crew again here for making such a cool event possible, taking all the time it needs to prepare it, and keeping calm when the players complain that something doesn't work the way they wanted. Naturally, I would like to thank all the other participants too. It was a great game and I hope everyone enjoyed it as much as we did. :)

Update: Stats are available here.
