Learn to solve web security challenges from NahamCon CTF 2023 through detailed walkthroughs covering cross-site scripting (XSS), remote code execution via domPDF, data hiding techniques, and server-side template injection with WAF bypass. Master practical cybersecurity skills by following step-by-step demonstrations of four key challenges: exploit XSS vulnerabilities in the Star Wars challenge, execute remote code through ttf/php polyglot files in Stickers, discover hidden data in the Hidden Figures challenge, and bypass web application firewalls using template injection in Obligatory. Access comprehensive write-ups and additional resources including tools like Ghidra, Volatility, PwnTools, and CyberChef to enhance your capture the flag competition skills.
Syllabus
Start
Star Wars: XSS
Stickers: domPDF RCE via ttf/php polyglot
Hidden Figures: Hidden data/embedded files
Obligatory: SSTI + WAF
End
Taught by
CryptoCat