Video walkthrough for some Web challenges from the NahamCon Capture the Flag (CTF) competition 2023 (organised by @NahamSec ); Star Wars, Stickers, Hidden Figures and Obligatory. Topics covered include XSS, domPDF RCE, hidden data (misc/stego) and SSTI with WAF filter bypass. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2023 #NahamConCTF #CTF #Pentesting #OffSec #WebSec

If you're looking for the "Marmalade 5" Web challenge, check the @intigriti channel:    • Cracking a JWT with MD5_HMAC Algorith...   🥰

Full write-ups for the challenges: https://github.com/Crypto-Cat/CTF/tre...

↢Social Media↣
Twitter:   / _cryptocat  
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn:   / cryptocat  
Reddit:   / _cryptocat23  
YouTube:    / cryptocat23  
Twitch:   / cryptocat23  

↢NahamConCTF↣
https://ctf.nahamcon.com/challenges
  / discord  

↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundati...
PwnTools: https://github.com/Gallopsled/pwntool...
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentestin...
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run

↢Chapters↣
0:00 Start
0:18 Star Wars (XSS)
4:07 Stickers (domPDF RCE via ttf/php polyglot)
11:45 Hidden Figures (Hidden data/embedded files)
17:55 Obligatory (SSTI + WAF)
25:26 End