Hi all!

Our next study group topic is going through the OWASP Hacking Lab at https://www.hacking-lab.com/index.html  

We will be starting with the OWASP Top Ten challenge.

Our first meeting on March 3 will be making sure everyone is ready to go, i.e. they have an account and can get connected to the labs.

People who want to participate will need to do the following:

1) Go to https://www.hacking-lab.com/index.html and register an account

2) Go to security events and click "Register Now" for the OWASP Top Ten challenge

3) Go to the download section and select the download you want. You can download either a live CD to boot from or a VMware or VirtualBox image to boot up. It is important to use one of their images because you will need to make a VPN connection to their labs in order to work on the challenges.

This should be a ton of fun! 

Post questions here.

Thanks!

Matt Pardo

Replies

  • Hi all - I'm attaching my slides and the php script from today's session (A10 Unvalidated Redirects and Forwards). Please let me know if you experience issues viewing either of the links.

    slides: https://docs.google.com/presentation/d/1y5Rl7C0AtRoHK5eNfiBRDZPEKg_...

    script: https://gist.github.com/dbldub/5bda91e681d7a9927bf2de21fe0baf07

  • Hi all, 

    Today is the last meeting of the Hacking Labs topic!

    The line up is going to be: 

    5/19/2016 - Wade Wilson will cover the last topic. Thanks Wade! 

    5/26/2016 - No meeting so that we have time to promote the new topic and/or due to the holiday (take your pick)

    6/2/2016 - Start the new topic which is Basic Security Testing with Kali Linux 2

    Thanks!

    Matt Pardo, OWASP Austin Training/Study Coordinator

  • Hi all,

    We will continue with Hacking-Lab.com 

    What we did last time: 

    April 14, 2016 - A5 – Cross Site Request Forgery 

    • Dmitry covered this topic. Thanks Dmitry!

    What we will do: 

    April 21, 2016 - A6 - Security Misconfiguration

    • Trevor will cover this topic. Thanks Trevor!

    April 28, 2016 - A7 - Insecure Cryptographic Storage

    • Scott will cover this topic. Thanks Scott!

    Unfortunately, I can't find my notes on who volunteered for the ones below, so I will bring it up next meeting.

    May 5, 2016 - A8 – Failure to Restrict URL Access

    •  

    May 12, 2016 - A9 – Insufficient Transport Layer Protection

    •  

    May 19, 2016 - A10 – Unvalidated Redirects and Forwards

    •  

    Thanks!

    Matt Pardo, OWASP Austin Training/Study Coordinator

  • Hi all,

    We will continue with Hacking-Lab.com 

    What we did: 

    March 17, 2016 - A2 - Cross-Site Scripting:

    • We covered the second exercise in the hacking-lab.com OWASP top 10. Samy showed a video and discussed it. Matt went over the exploit and tried to show it live (but the lab connection was pretty slow) 

    What we will do: 

    March 24, 2016 - A3 - Broken Authentication and Session Management

    • Nils will cover this topic. Thanks Nils!

    March 31, 2016 - NO MEETING - BSIDES AUSTIN 

    April 7, 2016 - A4 – Insecure Direct Object References

    • Matt will cover this topic. Thanks Matt!

    April 14, 2016 - A5 – Cross Site Request Forgery 

    • Dmitry will cover this topic. Thanks Dmitry!

    Thanks!

    Matt Pardo, OWASP Austin Training/Study Coordinator

  • Hi all,

    We will continue with Hacking-Lab.com 

    March 10, 2016 - SQL Injection

    • Attendance: a lot of people
    • Orlando went through a presentation on SQL injection - Thank you!
    • Thanks to all who attended!

    March 17, 2016 - A2 - Cross-Site Scripting:

    • We will be covering the second exercise in the hacking-lab.com OWASP top 10. Samy will take point on the discussion. 

    Thanks!

    Matt Pardo, OWASP Austin Training/Study Coordinator

  • Do we have a meeting today?

    • Yes

  • Thanks Dmitri.  That's what I needed.

  • Paul,

    For the timezone, use "dpkg-reconfigure tzdata" as root.  You'll get a curses-based menu to set America/Chicago as your timezone system wide including the panel.  I just played with setting my Timezone to America/New-York and back and it changed the window manager clock immediately after both changes.

    For the keyboard, right click on the current language in the upper menu bar and select properties.  In the middle of the settings popup you can delete the languages you don't want and change the default.  Also do "dpkg-reconfigure keyboard-configuration" as root and set the language to English/US.  That will ensure that English is your language when you boot into single user mode and on any login screens before your user's window manager is invoked.

    Dmitry

  • For some reason I'm having a heck of a time getting my keyboard layout change to be 'sticky'.  Every time I start the HL client I have to change the keyboard layout back to US again.  Similarly, I can't seem to get the clock in the upper right corner to display anything other than UTC.  Anyone figured this out?

    griff
