Thursday, 24 July 2014

Call for Volunteers - SecurityTube DEFCON 22 Booth

We have some really exciting news to share! We will be putting up a booth in the DEFCON 22 Vendor Area next month. We plan to give out some free stuff and hope to meet SecurityTube Users and our Students.

With close to 13,000+ hackers expected at DEFCON 22, we know we need help in managing our booth and I thought its best to ask help from the community. So this is our official Call for Volunteers!

The Vendor Booth area will be running between 10AM-7PM on Friday, Saturday and Sunday (8th-10th Aug) and we are looking for volunteers to help us for 5 hour slots. You are allowed to select multiple slots.

What do Volunteers get?

To show our appreciation, for every 5 hour slot that you volunteer, you get the following:

  • $250 worth of courseware which you can select from SecurityTube Training
  • $177 worth of Pentester Academy subscription (3 months) 
  • $125 worth of goodies - $100 exam voucher + ALFA Wireless Card 
  • SecurityTube Official T-Shirt 
  • Lunch or Dinner is on us!  (depending on your slot)
We'd probably estimate a total of $600+ in giveaways for 5 hours of volunteering. Not bad :)

Please note that you will have to manage your own travel, accommodation and entry into DEFCON.

What work can you expect?

  • Giving out a ton of FREE stuff to conference attendees coming to our booth
  • Giving out our Flyers
  • We would expect you to wear the SecurityTube T-Shirt while at the booth 

Who is Volunteer #1? 

Vivek Ramachandran, chief trainer at SecurityTube Training and Pentester Academy will be at the booth most of the time (if not all the time).

How do you apply?

Please fill this form and we will be in touch. We understand that most of us prefer to be anonymous online but you'll have to trust us with some information about yourself, if you want us to trust you with our booth :) 

Tuesday, 22 July 2014

File Upload Vulnerability

File Upload Vulnerability is an extremely interesting topic with various twists and turns such as - Content-Type Checks, Bypassing Blacklists, Double Extensions, Defeating Getimagesize() checks, Null byte injection, getting a Meterpreter on the box via File Uploads etc.

We just wanted to share one of the interesting videos on this topic - "Defeating Getimagesize() Checks in File Uploads

Defeating Getimagesize() Checks in File Uploads

In the above video, we go step by step and uncover how we can embed a webshell into an image and have it executed by the remote server, even if it uses APIs like Getimagesize() to verify the presence of an image.

Here are other videos in the series, available only to Pentester Academy subscribers:

File Upload Vulnerability Basics


Happy Uploading!

Tuesday, 8 July 2014

Google XSS Game: Challenge Accepted!

Google put out an XSS Game not so long ago and we decided to take a shot at it. We've created our own XSS lab for Pentester Academy and it was really fun to see that these challenges were way easier to solve than those in our lab! 

So, take a shot at the Google XSS Game - Links to the individual challenge solutions are provided below to help you get started. 

Google XSS Challenge 1 Free


These videos are a part of Web Application Security Course at Pentester Academy. We are hosting interesting Web Application Security Challenges in this section for our students to try out. 

We also have many more interesting courses related to various other topics in the InfoSec domain. To know more, please visit: