How do you fuzz an application from a black-box perspective? What type of information do you follow up on, and how do you find bugs and vulnerabilities? In this challenge you will see me trying all kinds of options, trying to make the application fail, and I cannot find the “way in”. Instead, having the source-code and doing a simple source-code review allows us to find the vulnerability.
In these video series I am running through the Overthewire.org Natas wargame. It’s all about web hacking and shows an array of different web vulnerabilities for us to practice on. This video features Natas 23.
If you liked it, or you want more, let me know. Subscribe for updates to my channel.
You can check out my twitter account here for updates: https://twitter.com/ChrisADale
Interested in hiring my team and I for consulting? Check us out at https://riversecurity.eu/
I’m also a SANS certified instructor, and you can come to my classes. Check out my schedule here: https://www.sans.org/instructors/chris-dale