ToTM - June 2018 - Penetration Testing ($600 in prizes)
[Image: wm3bEL8.png]
Tutorial of the Month: Penetration Testing Edition

Submission Threads

General Hacking and Security: Web Application Security: Network Security:

General Information

For the month of June 2018, GreySec presents Tutorial of The Month: Penetration Testing Edition!
... This time sponsored by our friends at AlienVault! This will be a writing challenge/contest.

In the past, we have done in-house events where we would offer cryptocurrency rewards for the best information security, or privacy, related tutorial of the month. These events were relatively successful among existing users, and we now seek to encourage more of the global cybersecurity industry to join, learn, and share their own discussion points and research. To help provide an incentive for help in our initiative, we invited AlienVault to collaborate with the GreySec community.

This time around we will have a theme: penetration testing, with three categories around this theme. You will be able to read this thread, post a submission, and hopefully win $200 and a challenge coin. The prizes are a courtesy of our AlienVault friends. There will be three winners, one per category. The winning submissions will be selected by a Judge Panel.
  • You will post a submission thread in the month of June to be considered eligible
  • Three winning submissions will be selected, featured here, and professionally edited to be cross-posted to AlienVault's Security Essentials blog (great SEO & great professional exposure!)
  • Three winning submissions will receive prizes ($200 gift card & challenge coin)
  • Every submission must be posted as a thread on GreySec, following the guidelines outlined here
  • Event announcement, May 14th 2018
  • Submission period, June 1st - 30th 2018
  • Final review period, July 1st - 3rd 2018
  • Winner announcement, July 4th 2018
  • Winning submissions collaboratively edited & cross-posted to AlienVault, July - August 2018
Prizes: $200 Gift Card & Challenge Coin
  • The winning three submissions will receive prizes, one winner per category
  • $200 gift card code, per winner ($600 total funding)
  • 1 AlienVault challenge coin, per winner (3 total)
  • Spoiler: Challenge coin picture(Show)
    [Image: BGyvQOQ.png]
Submissions & Categories

In order to participate, you must create an informative thread here on GreySec. This thread should be written in blog-post format, as a tutorial or guide.

The theme this month is Penetration Testing. There are three categories, related to the subject of Penetration Testing, that you may write within: Once you have created your submission, simply post it in the designated GreySec forum, and post on this thread with a link to your submission thread. The submission thread will be added to this page. Submissions are only allowed during the "Call for Submission" period, so do not post your thread until June 1st, 2018.

Spoiler: Submission Topic Examples(Show)
Listed below are simply examples of topics that you could write about for your submission.
You do not need to write about all of these topics; one is sufficient, or whatever you like.

Theme: Penetration Testing
  • Topic #1: General Hacking and Security
    • Briefing: General discussion on offensive and defensive security.
    • Exploitation (CVEs, 0-days, systems, software, etc.)
    • Post-exploitation; privilege escalation
    • Backdoor access (rootkits, shells, etc.)
    • Etc. 
  • Topic #2: Web Application Security
    • Briefing: Discussion on web exploitation and security. Such as SQL injection, cross-site scripting, etc.
    • OWASP Top 10
    • Damn Vulnerable Web Application (DVWA)
    • Injection (ie. SQL injection)
    • Broken authentication
    • XML external entities (XXE)
    • Broken access control
    • Security misconfiguration
    • Cross-site scripting (XSS)
    • Insecure deserialization
    • Using components with known vulnerabilities
    • Insufficient logging & monitoring
    • Secure coding techniques
    • Web application security tools (e.g. vulnerability scanners, web proxy tools, etc.)
    • Etc.
  • Topic #3: Network Security
    • Briefing: Discussion on exploiting and securing networks. Discuss TCP/IP, wifi hacking, etc.
    • TCP/IP
    • Pivoting; lateral escalation
    • WiFi hacking
    • Network TAPs
    • VLAN hopping
    • Access control
    • Software-defined networking security (SDN)
    • Etc.

Writing Expectations
  • Blog post format; written as an informative guide or tutorial
  • Strong explanation of topic(s) required
  • Proof-of-concept example(s) required
  • Submissions must be posted as “threads” on GreySec Forums; no file formatted submissions, exceptions may be made for special cases after consulting a Judge Panel representative
  • Must be “new” content, not previously cross-posted elsewhere
  • Multiple submission threads are allowed
  • There is no minimum or maximum word limit; don't write us a book
  • Submissions posted between June 1st - June 30th will only be considered
  • By submitting to this “Call for Submissions”, you agree to have your submission edited by AlienVault staff, and cross-posted to AlienVault’s Security Essentials blog site, if, and only if, you are a selected winner
  • You maintain the right to own, and spread, your content post-contest (once the contest is over); however, AlienVault retains the right to publish the winning content without deletion
  • Edits by AlienVault will be suggested to winners, first seeking their approval, prior to publication; the AlienVault editors want to keep the author's voice and message clearly in-tact. They will be there to work with you, the winners, as a team effort
  • You maintain the right to submit and win, under the guise of a pseudonym
  • Emphasis on penetration testing is highly preferable, according to the set theme
More Information

For additional information, please contact me directly.

I can be contacted via private message here on GreySec. Here is my Keybase with my public key. My XMPP address is also available in my signature, but is used less.
Awesome, if time allows. I would certainly be interested in contributing, there's time enough to consider a topic and do some in-depth research in preparation of it. Even if i don't end up submitting anything. I can't wait to read some of the amazing contributions that i am sure some of our members will provide. All in all a really cool event from more than one standpoint.
How many submissions per user, one per topic or one in general?
(05-16-2018, 11:19 PM)ekultek Wrote: How many submissions per user, one per topic or one in general?

Multiple submissions are allowed i think.
(05-16-2018, 11:19 PM)ekultek Wrote: How many submissions per user, one per topic or one in general?

He said multiple submission threads are allowed under the Guidelines.
(05-17-2018, 06:25 AM)Knife Boss Wrote:
(05-16-2018, 11:19 PM)ekultek Wrote: How many submissions per user, one per topic or one in general?

He said multiple submission threads are allowed under the Guidelines.

This is correct. Users may create multiple submissions, under multiple topics.
I shared a brief statement regarding this event on my personal blog: Although, no new information has been shared.

Also, thank you enmafia2 and Vector for spreading the word on Twitter. For everyone else lurking: please consider sharing this event with your friends and followers. Without community involvement, these events are almost meaningless, so do your part by spreading the word!
Hi guys! Presenting my entry for this contest:
Thank you!
(06-01-2018, 07:13 PM)nats Wrote: Hi guys! Presenting my entry for this contest:
Thank you!

Submission accepted!
We shared your submission thread via our Twitter platform:

On a more personal note, welcome to GreySec Forums.
Hi guys! Presenting another entry for this contest under the "General Hacking and Security" category:
Thank you!

Possibly Related Threads…
Thread Author Replies Views Last Post
  [06-14-2018] GreySec Downtime - SSL. New frontend + DNS Insider 2 26,699 06-15-2018, 07:15 PM
Last Post: nats
  ToTM Voting Thread August 2017 (Tutorial of the Month) Insider 12 53,433 09-19-2017, 12:33 PM
Last Post: enmafia2
  ToTM Nominations (Tutorial of the Month) - Aug 2017 Insider 11 38,115 09-05-2017, 07:31 AM
Last Post: Palm
  Return of MoTM and ToTM contests Insider 11 34,419 02-13-2017, 06:13 AM
Last Post: Vector