This repo contains two basic security exploits and some additional resources, designed for participants of the Intro to Security Engineering workshop at Hack The North 2020++.
Contains a password-protected PDF file. A successful attack unlocks the PDF file to reveal the secret word inside. (If you prefer, there is also a txt file encrypted using Vim.)
A simple SQL injection problem presented in a SQL Fiddle. A successful attack returns the entire table that the query runs on.
Here are some resources related to topics we discussed during the workshop:
OWASP Top 10 - the top 10 security risks facing web applications today.
MITRE ATT&CK® - a knowledge base of adversary tactics and techniques based on real-world observations.
Shodan - a search engine for Internet-connected devices. Use for ethical purposes only!
How Password Managers Work (Computerphile) - 12-minute explanation of password managers by Dr. Mike Pound. Would strongly recommend subscribing to his channel if you haven't already!
Interested in security and want to learn more? Check out the following resources:
OverTheWire Wargames - wargames that let you practice security concepts in a fun way. They start off at an absolute beginner level (Bandit) and gradually progress to more advanced challenges.
h4cker - a well-maintained repo with thousands of resources related to penetration testing and ethical hacking. Recommended for those looking for resources on a specific pentest-related topic.
CTFtime - compilation of most Capture The Flag (CTF) competitions. You can team up to solve cybersecurity-related challenges and try to beat all the other teams.
Cybersecurity news resources - comment thread describing top go-tos for cybersecurity news. r/cybersecurity itself has a great community for security engineers and enthusiasts alike.