Monday, April 14, 2014

2014-04-14 - Back in the saddle

I apologize for the absence, but I've honestly been crazy busy with CCDC (MACCDC prep and execution, and NCCDC prep). It would have been unfair of me to issue challenges without being able to properly respond to them in a timely manner. I do have a few left to answer still. So this week's challenge is going to require a bit more research than normal. The following is a Windows 7 event log of some sort. With it you should be able to tell me the computer name, and exactly what time KB982132 was installed.
(The file is intentionally corrupted)


Monday, March 10, 2014

2014-03-10 challenge

This week's challenge is straightforward. "sc" is a Windows command that shows information about Windows services. Pick any service on a Windows machine and run "sc sdshow " on it (you can use "sc sdshow lanmanserver" if you want). The output of the command is called a "DACL" in "SDDL". Your challenge is to explain in its entirety what that jumble of letters and semicolons means, as well as explaining DACLs and SDDLs. Extra Credit: Explain how an attacker can use this information.

Monday, March 3, 2014


Is it Monday already? Sorry for being tardy on the emails this weekend; I will get to all of them tonight. I was a little busy making RIT students do push-ups in order for me to relinquish control of their domain controllers for ISTS ;-)

See the fun we had here:

This week's question is:

Describe XML Entity Injection, how it can be found (what indicators may lead you to assume it's possible on a given app), and what is possible with it?

Monday, February 24, 2014


First a few FAQs:

  1. I prefer that people email in their answers, but a link to a blog post works as well. But I probably won't see them if you post them on social media sites like Facebook or G+.
  2. I won't be posting anything about the answers submitted, to include what the "right" answer is. This isn't trivia; this project is geared towards challenging you to try something out you may not have tried, or learn something you might not have tried to learn. I'm only here to push you further once you have and keep it rolling week by week once you do.

This week's question is:

A number of SCADA and ICS systems use a protocol named "MODBUS". What are some vulnerabilities that are in or involve this protocol? What sort of systems were they attached to? What did they control? Why did the vulnerabilities occur? What does SCADA stand for? What does ICS stand for? Dive as deep as you want on this.

Wednesday, February 19, 2014

Groupon Certifications

Since this blog is about challenges and helping people learn/break into the IT Security field (InfoSec), I thought this was something worth posting:

$99 for a certification bundle (CompTIA Security+, A+, and Network+). As far as I can tell, this is only training to help prep for the certifications. I don't know anything about the company, but the demo video seems pretty lively.


Thursday, February 13, 2014


(Because this is the first post, and you probably don't know what "this" is, check out the page: to find out)

Tomorrow is Valentine's Day and the 17th is a holiday, so this question comes a little early:

802.11 is commonly known as WiFi. Name 2 different attacks you can perform on the different types of WiFi; feel free to classify what I mean by "types" however you wish. Please provide a reference or your own work at trying them out.

Due Date: 2014-02-21