People should think about what Apple’s boundary conditions for the #CTF mean. If Apple is willing to hold off on charging a fee for three years, it probably means that most small development businesses on the AppStore don’t see a profit for three years. Apple knows how long it takes for devs to get from sign up to ship, and they know how long it takes to get from shipping to decent revenue. It’d be naive to think they don’t use that information. #DMA
Sometimes what looks like the goal is not the goal at all. It is easy to overlook, especially when we are dealing with scoring or gamification in general.
But how so? What is this about? Maybe an example will make it easier. Take a contest over who collects the most litter while cleaning up a forest. Is winning that contest the most important thing? Or does the very act of cleaning up matter more, and the place in the con
#introduction Bonjour, I'm Marc (a.k.a. "T0K_"), a #phd student working on #privacy-preserving technologies. Outside the lab, I spend my time playing #videogames and losing #ctf challenges.
With this account, I'll promote some of my academic work. I might also engage in stupid and vibrant debates about random geeky stuff.
I'm not entirely sure yet what I'll do with this Mastodon account, so I don't exclude the possibility of some cat pics or even some shitposting
I wanna use this account to talk and ask questions to the wider community. I may also share #iocs of ongoing campaigns from time to time. I also have a main account (@Nnubes256) for more general stuff; I'm just moving my #cybersecurity presence where the action is :D
I get a lot of people calling out my #Bitcoin skepticism (as in: Bitcoin is a worthless piece of hot garbage trying to kill our planet) because number is again going up. This time it's real, now that the scammers have been caught and all.
But if you want to know why Bitcoin goes up you just need to look at one curve: Tether has printed 4 billion USD from thin air in the last week.
While it's great to see the crypto scam artists SBF and CZ being caught and punished (sadly without making their victims whole), the actual rock that whole scam economy is built on is Tether. Has been Tether for years.
And I really don't get why US regulators let some weird company print fake USD.
I learned a lot and had quite some fun. Thanks for that 😃
But there is also some room for improvement (which caused quite some frustration)
1. Make the flags more liberal in what is accepted. E.g. ignore blanks, especially around CSV lists. It took me and others quite some time to work out the correct format.
2. I found the hints quite often not helpful and rather confusing. E.g. the sole hint for finding a cleartext password was something like "Cracking the hash takes forever. So skip that".
This leads to 3.
3. Digital forensics isn't my daily business, neither are CTFs.
If your CTF targets beginners, provide more (up front) hints about the tooling. It is quite frustrating if you try to search for tooling for a problem you might not even be able to state correctly. And then downloading tools and trying to understand and use them, only to fail. Never knowing if it is the wrong tool, or if it is you using the tool incorrectly.
It would have been great to know up front which tools to install. Especially if they require a Windows VM (mimikatz, PECmd, ...)
I don't think tool hints would spoil too much of the fun.
Advanced participants will know them anyway (mostly) and installing and reading up on them a bit in advance saves time for the real fun 😃
DailyCTF Robot: A discord bot written in python3, allowing to host and manage CTFs on Discord.
Ever thought of turning your Discord server into a mini-CTF arena? I built a Discord Bot just for that. From challenge creation, hint releases, to flag submissions and leaderboards, writeups, it's got it all automated. Designed with Python3 at its core, this bot is all about giving a seamless CTF hosting experience. Dive into the bot's [GitHub](https://github.com/Goofygiraffe06/DailyCTFRobot) to explore more. Community Feedback, thoughts, forks, or stars - all are welcome!
What #dns #exfiltration tool sends requests made of 3 levels of subdomains in hex strings with a 1-byte command prefix (00 start file, 01 file data, 02 file end) followed by a two-byte packet number, with packets sent in semi-random order? We solved it, but I wonder: does it exist, or was it made for the purpose of the exercise? #infosec #ctf
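
Added example, not part of the post above and not the tool it asks about: a forensic decoder that rebuilds the file from captured query names in the format the post describes. It assumes the three hex labels concatenate into one byte string, that the packet number is big-endian and counts across start, data and end packets, and it uses a constructed zone (`exfil.example`) and constructed sample queries.

```python
START, DATA, END = 0x00, 0x01, 0x02   # command prefixes named in the post

def parse_query(qname, zone):
    """Return (cmd, seq, payload) for a query that fits the format, else None."""
    name = qname.rstrip(".").lower()          # tolerate 0x20 case randomisation
    suffix = "." + zone.lower()
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 3:                      # the post says three subdomain levels
        return None
    try:
        raw = bytes.fromhex("".join(labels))  # assumption: labels concatenate
    except ValueError:                        # not hex: ordinary traffic
        return None
    if len(raw) < 3 or raw[0] not in (START, DATA, END):
        return None
    return raw[0], int.from_bytes(raw[1:3], "big"), raw[3:]

def reassemble(qnames, zone):
    """Return (start_payload, file_bytes, missing_packet_numbers)."""
    start = end = None
    chunks = {}
    for q in qnames:
        rec = parse_query(q, zone)
        if rec is None:
            continue
        cmd, seq, payload = rec
        if cmd == START:
            start = (seq, payload)
        elif cmd == END:
            end = seq
        else:
            chunks.setdefault(seq, payload)   # keep first copy, drop resolver retries
    # Out-of-order arrival is handled by sorting; gaps are reported, not hidden.
    lo = start[0] + 1 if start else min(chunks, default=0)
    hi = end - 1 if end is not None else max(chunks, default=-1)
    missing = [n for n in range(lo, hi + 1) if n not in chunks]
    data = b"".join(chunks[n] for n in sorted(chunks))
    return (start[1] if start else None), data, missing

# Constructed capture: shuffled packets, one retry, one benign lookup.
SAMPLE = [
    "0100.0267.7b64.exfil.example", "000000.612e74.7874.exfil.example",
    "0100.036e.737d.exfil.example", "www.cdn.static.exfil.example",
    "0100.0267.7b64.exfil.example", "02.00.04.exfil.example",
    "0100.0166.6c61.exfil.example",
]
```

The third return value lists packet numbers absent from the capture, which tells an analyst whether the recovered file is complete before anyone starts interpreting it.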