요약 1. 취약한 워드프레스 환경을 자동으로 구축해주는 깃헙 리포를 발견했습니다. 하지만 이런저런 문제점으로 에러가 나서 그것을 고친 뒤 배포하기로 결정합니다. https://github.com/ChoiSG/vwp 한글 리드미는 여기서 참고해주시기 바랍니다. - https://github.com/ChoiSG/vwp/blob/main/README.ko.md 2. 직접 리포에 가셔서 클론 하신 뒤 간단하게docker-compose up…
요약 (영어가 편하신 분들 or If you are an English speaker, please read the english version of this article here - https://blog.sunggwanchoi.com/we-created-a-fake-company-infrastructure/ [https://blog.sunggwanchoi.com/we-created-a-fake-company-infrastructure/]) 2020년 봄학기 1월 초, 나와 내 친구는 학교의 취약점 진단 및 모의침투테스트 그룹의 공동리더가 됐다. 이 기회를 살려 실제…
Summary As current leaders of Rochester Institute of Technology's Penetration Testing group (RVAPT), my colleague and I created a mini-competition that simulated a fake organization's IT infrastructure for the students to do a penetration testing on. With the help of my colleague and co-leader of RVAPT, Mohammed Alshehri(twitter) [https:…
Slides Link [https://docs.google.com/presentation/d/1ZWNDUOpiEnIWY0wR0aVgHZC9P-ETzcgG6smpk6BB0-I/edit?usp=sharing] Background In week 1 of RVAPT, the group have went over the Pre-Engagement phase of the penetration testing. There was a clear reason why RVAPT started off with non-technical, a bit "boring" side of Offensive Security. This is…
Slides RVAPT 0 - Introduction Slides [https://drive.google.com/open?id=1b63v4YIhffbv0MsJLpolMJb5ZghhJ9wOECgmg1NCnxs] Demo N/A - For introduction week, there was no demo The Background In my school, Rochester Institute of Technology (RIT), Computing Security (CSEC) is one of a big computing major. One aspect that I absolutely love…