Lab Challenges
Hands-on security exercises from CTFs and training labs.
Problem Statement
I identified and exploited an SQL injection vulnerability in a login/search endpoint, then proposed remediation steps.
How I Approached It
- I enumerated inputs and observed server responses to crafted payloads.
- I used time/error-based payloads to confirm injection points.
- I extracted database/version info via UNION and blind techniques.
- I recommended parameterized queries and input validation.
Tools I Used
- Burp Suite Community
- sqlmap
- OWASP ZAP
Key Lessons I Learned
- Input sanitization and prepared statements are critical.
- Least-privilege DB accounts limit impact.
Code Snippet
SELECT * FROM users WHERE username = '$input' AND password = '$pass';
-- Vulnerable to SQL Injection
Problem Statement
I exploited a stack-based buffer overflow to redirect execution and retrieve the flag.
How I Approached It
- I ran the binary and analyzed crash behavior with cyclic patterns.
- I found the offset and overwrote the return address with a controlled value.
- I leaked/guesstimated addresses and called the win function or built a ROP chain.
- I documented mitigations (NX/ASLR) and bypass strategies.
Tools I Used
- GDB + GEF/Pwndbg
- Python (pwntools)
- objdump/strings
Key Lessons I Learned
- Memory safety issues can fully compromise execution flow.
- Compiler defenses significantly raise exploit difficulty.
Code Snippet
from pwn import *

# Start the target binary locally
p = process('./vuln')
# 64 bytes of padding to reach the saved return address, followed by the
# placeholder value 0xdeadbeef (little-endian) that overwrites it
p.sendline(b'A'*64 + b'\xef\xbe\xad\xde')
print(p.recvall())
Problem Statement
I analyzed a provided PCAP to reconstruct sessions, identify suspicious traffic, and report findings.
How I Approached It
- I loaded the PCAP into Wireshark and reviewed top talkers and protocols.
- I followed TCP streams to extract credentials/artifacts.
- I correlated timestamps with IDS alerts and logs.
- I summarized IOCs and defensive recommendations.
Tools I Used
- Wireshark
- Zeek
- Suricata
Key Lessons I Learned
- Effective filtering accelerates triage in large captures.
- Context from logs improves precision of conclusions.
Code Snippet
tshark -r capture.pcap -Y "http.request" -T fields -e http.host -e http.request.uri
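Added example (not part of the original writeup): post-processing the tab-separated output of the tshark command above into a per-host summary for triage. The sample output lines are constructed, not taken from the lab capture, and the two flags applied (empty Host header, host given as an IP literal) are assumptions about what is worth a second look, not rules from the page.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample of what "-T fields -e http.host -e http.request.uri"
# prints: one request per line, fields separated by a tab. Not a real capture.
SAMPLE_OUTPUT = """\
www.example.com\t/index.html
www.example.com\t/login
203.0.113.7\t/gate.php?id=1
www.example.com\t/static/app.js
203.0.113.7\t/gate.php?id=2
www.example.com\t/logout
203.0.113.7\t/gate.php?id=3
\t/no-host-header
"""

def parse_tshark_fields(text):
    """Return (host, uri) tuples; an empty host means the header was absent."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, _, uri = line.partition("\t")
        records.append((host, uri))
    return records

def summarize(records):
    """Requests per host and the set of distinct URIs seen for each host."""
    by_host = Counter(host for host, _ in records)
    uris = defaultdict(set)
    for host, uri in records:
        uris[host].add(uri)
    return by_host, uris

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(text):
    """Top talkers first; each entry is (host, requests, distinct_uris, notes)."""
    records = parse_tshark_fields(text)
    by_host, uris = summarize(records)
    findings = []
    for host, count in by_host.most_common():
        notes = []
        if host == "":
            notes.append("missing Host header")
        elif is_ip_literal(host):
            notes.append("host is an IP literal (no DNS name)")
        findings.append((host, count, len(uris[host]), notes))
    return findings

if __name__ == "__main__":
    for host, count, distinct, notes in triage(SAMPLE_OUTPUT):
        print(f"{host or '<none>':20} {count:4} req {distinct:3} uris {' '.join(notes)}")
```

Run it on real data with `tshark -r capture.pcap -Y "http.request" -T fields -e http.host -e http.request.uri > requests.tsv` and pass the file contents to `triage`. The notes are only prompts for where to follow streams next; the timestamp and IDS correlation the writeup describes still has to be done against the capture and logs.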
Problem Statement
I exploited a reflected XSS, then designed CSP and sanitization to mitigate the issue.
How I Approached It
- I probed parameters with benign payloads and confirmed sink behavior.
- I crafted context-appropriate payloads to bypass filters.
- I introduced CSP with nonce/hash and tightened sources.
- I implemented output encoding and input validation.
Tools I Used
- Burp Suite
- OWASP Cheat Sheets
- DOMPurify
Key Lessons I Learned
- Defense-in-depth is essential for injection prevention.
- CSP reduces exploitability of residual XSS vectors.
Code Snippet
<!-- Example XSS payload -->
<script>alert('XSS')</script>
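Added example (my own, not the writeup's code or the lab application): the two mitigations listed above, output encoding and a nonce-based CSP, applied to a search page that reflects a query parameter. The page markup, the `handle_request` shape and the CSP source list are assumptions; the point is that the reflected value is encoded for the HTML element and attribute contexts it lands in, and that only the server-generated inline script carries the per-response nonce.

```python
import html
import secrets

def build_csp(nonce):
    # Only scripts carrying this response's nonce may run; an inline script
    # that arrived via a reflected parameter has no nonce and is blocked.
    return (f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'self'")

def render_search_page(query, nonce):
    # html.escape(quote=True) encodes & < > " and ', so the value stays text
    # whether it is placed inside an element or a double-quoted attribute.
    safe = html.escape(query, quote=True)
    return (
        "<!doctype html><html><head>"
        f'<script nonce="{nonce}">document.title = "Search";</script>'
        "</head><body>"
        f"<p>Results for: {safe}</p>"
        f'<input type="text" name="q" value="{safe}">'
        "</body></html>"
    )

def handle_request(query):
    # A fresh, unguessable nonce per response; reusing one defeats the policy.
    nonce = secrets.token_urlsafe(16)
    headers = {"Content-Security-Policy": build_csp(nonce)}
    return headers, render_search_page(query, nonce)

if __name__ == "__main__":
    hdrs, body = handle_request("<script>alert('XSS')</script>")
    print(hdrs["Content-Security-Policy"])
    print(body)
```

Encoding handles the HTML and attribute contexts shown here; a value placed inside a JavaScript string or a URL needs the encoding for that context instead, which is where the OWASP cheat sheets listed above come in. The CSP is the second layer: it does nothing for the encoded output, but it stops an inline script if a sink somewhere else on the site is missed.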
Challenge 1: asm1
I analyzed a simple assembly program and recovered the flag.
- How I Approached It: I disassembled, traced logic, and reconstructed the input.
- Tools I Used: Ghidra, objdump, strings.
- Key Lessons I Learned: Assembly basics, control flow, flag format.
Code Snippet
mov eax, 0x1234      ; load the expected value
cmp eax, [esp+4]     ; compare it with the first argument on the stack
je flag              ; branch to the flag routine when they match
Challenge 2: crackme
I patched a binary to bypass the password check.
- How I Approached It: I used GDB, found the password check, and patched the jump.
- Tools I Used: GDB, pwntools, hex editor.
- Key Lessons I Learned: Binary patching, conditional jumps, reversing logic.
Code Snippet
gdb-peda$ break *0x0804856a
gdb-peda$ set {char}0x0804856a = 0xeb
Challenge 3: vault-door
I analyzed a C program with obfuscated logic to extract the flag.
- How I Approached It: I read the code, understood the transformations, and reconstructed the flag.
- Tools I Used: Source code analysis, Python for automation.
- Key Lessons I Learned: String manipulation, obfuscation, automation.
Code Snippet
# Example: reverse engineered flag logic
# data holds the obfuscated byte values recovered from the program;
# each byte is XORed with the constant key 0x42 to give back the flag
flag = ''.join(chr(x ^ 0x42) for x in data)
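Added example (not the challenge's source or the writeup author's script) that generalizes the one-liner above: a single-byte XOR round trip, plus recovery of the key from the known flag prefix when the constant is not simply visible in the code. The flag text and the `flag{` prefix are constructed for the demo; the real challenge's flag format may differ.

```python
# Assumed flag format for the key-recovery step; adjust to the lab's format.
KNOWN_PREFIX = "flag{"

def obfuscate(plaintext, key):
    """The transformation a vault-door style program applies to the flag."""
    return [ord(c) ^ key for c in plaintext]

def deobfuscate(data, key):
    """Same operation as the page's snippet, with the key as a parameter."""
    return ''.join(chr(x ^ key) for x in data)

def recover_key(data, prefix=KNOWN_PREFIX):
    """With a single-byte key, every byte of the prefix must yield the same key."""
    if len(data) < len(prefix):
        raise ValueError("data shorter than the expected prefix")
    candidates = {data[i] ^ ord(prefix[i]) for i in range(len(prefix))}
    if len(candidates) != 1:
        raise ValueError("no single-byte key matches the expected prefix")
    return candidates.pop()

def solve(data, prefix=KNOWN_PREFIX):
    key = recover_key(data, prefix)
    return key, deobfuscate(data, key)

if __name__ == "__main__":
    # Constructed sample: obfuscate a made-up flag, then recover it blind.
    sample = obfuscate("flag{x0r_1s_n0t_crypt0}", 0x42)
    print(solve(sample))
```

The prefix check is what turns the XOR into a reversing tool rather than a guess: a constant key leaks completely from a few known plaintext bytes, which is the lesson behind "obfuscation" here. The same is true of any fixed per-byte transformation, so the technique carries over to challenges that add or rotate instead of XOR.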