My First Big Girl Capture the Flag Competition
Last weekend I attended BSides Iowa, a smaller security conference taking place in Des Mo...
For further actions, you may consider blocking this person and/or reporting abuse
I had never heard of this activity before this post and I'm so glad you shared it, Toni! I really want to start attending security-focused events, they seem like a blast.
"...in this case, not port 80 or 433 because those are web ports and wouldn't normally be used for control of a botnet."
Maybe a dumb question (I'm definitely not a security expert), but why not use ports 80 or 443 to control a botnet? I'd think that by doing so, it'd be easier to get past various firewall restrictions and it'd blend in better with whatever other network traffic noise is on the machine. Also, running over SSL might make it harder for others to pick apart exactly what you are doing.
Joel,
For OUTGOING requests you'd be correct. However for INCOMING (hosting on a port) most home internet services providers (like COMCAST) block hosting anything on a public IP on port 80 or 443 (also 25 which is mail). This is to limit people from trying to host a web site on their home internet (and a spam mail server in the case of 25).
That makes sense.
I know about stuff like this from geohot back in the day before comma.ai
There are even a few livestreams of him doing some challenges.
It seems really cool and awesome...wish I had more time to learn security stuff to that level :)
I had never heard of any of this, so thanks for ruining my life because all I do now are the puzzles on hackthissite and ctflearn! :)
Capture The Flags are awesome! I took part at one in Dublin a few weeks ago. We placed 6th, not bad for my first CTF :)
Just dropped in to say great write-up!
Your write-up just made security approachable for me! Thanks and well done!