NahamCon CTF 2022: Web Challenge Walkthroughs

Video walkthrough for some of the Web challenges from the NahamCon (CTF) competition 2022; Jurassic Park, EXtravagant XML, Personnel, Flaskmetal Alchemist, Hacker Ts and Two for One. Topics covered include XML external entity (XXE) injection, SQL injection (SQLi), Regex injection, Cross-site Scripting (XSS), Server-side Request Forgery (SSRF) and 2FA (OTP) bypass. We'll use burp suite, Firefox devtools and ngrok. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #NahamCon #NahamCon2022 #NahamConCTF #CTF #Pentesting #OffSec #WebSec

↢Social Media↣
Twitter:   / _cryptocat  
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn:   / cryptocat  
Reddit:   / _cryptocat23  
YouTube:    / cryptocat23  
Twitch:   / cryptocat23  

↢NahamConCTF↣
https://ctftime.org/event/1630
https://ctf.nahamcon.com/challenges
  / discord  

↢Resources↣
Ghidra: https://ghidra.re/CheatSheet.html
Volatility: https://github.com/volatilityfoundati...
PwnTools: https://github.com/Gallopsled/pwntool...
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentestin...
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run

↢Chapters↣
Start: 0:00
Jurassic Park: 0:15
EXtravagant: 3:07
Personnel: 6:42
Flaskmetal Alchemist: 11:45
Hacker Ts: 22:42
Two for One: 31:46
End: 42:23