{"id":186,"date":"2012-03-19T21:57:34","date_gmt":"2012-03-19T21:57:34","guid":{"rendered":"https:\/\/www.cores2.com\/blog\/?p=186"},"modified":"2012-03-19T22:00:55","modified_gmt":"2012-03-19T22:00:55","slug":"wargames-real-security-training","status":"publish","type":"post","link":"https:\/\/www.cores2.com\/blog\/?p=186","title":{"rendered":"Wargames: Real security training"},"content":{"rendered":"<p>A while back I wrote about a well written <a href=\"https:\/\/www.cores2.com\/blog\/?p=127\">web-application security course<\/a> developed and hosted by Google, called <a href=\"http:\/\/google-gruyere.appspot.com\/\">Gruyere<\/a>. Since then, I&#8217;ve been wanting to learn more about system security and classic exploits like <a href=\"http:\/\/en.wikipedia.org\/wiki\/Buffer_overflow\">buffer-overflows<\/a> or <a href=\"http:\/\/en.wikipedia.org\/wiki\/Shellcode\">malicious shellcode<\/a>. Though I&#8217;ve done wargames in the past, I&#8217;ve recently rediscovered the fun of breaking into systems that have clear-cut exploits to take advantage of. If you don&#8217;t know, a &#8220;wargame&#8221; (not simply &#8220;just&#8221; hacking) is a challenge related to computer security, in which you exploit a given vulnerability. Generally, wargames are deployed on systems specifically built within sandboxes for each user, with multiple levels. The goal is to eventually reach the last level, accessing a file, text, or whatever it is to prove your skills and share your success. What&#8217;s particularly nice about the game is how educationally powerful it is. 
The games run in simple environments, without many changes over time, and disallow other hackers playing the game from tripping you up by manipulating your own progress.<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/io.smashthestack.org:84\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-187\" title=\"smashthestack\" src=\"https:\/\/www.cores2.com\/blog\/wp-content\/uploads\/2012\/03\/smashthestack.png\" alt=\"\" width=\"229\" height=\"161\" \/><\/a> <a href=\"https:\/\/stripe.com\/blog\/capture-the-flag\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-188\" title=\"flag\" src=\"https:\/\/www.cores2.com\/blog\/wp-content\/uploads\/2012\/03\/flag.png\" alt=\"\" width=\"172\" height=\"222\" \/><\/a><\/p>\n<p>I&#8217;m a big believer in &#8220;learning through doing&#8221; (don&#8217;t theory is critically important!), and wargames fit that philosophy very well. The two wargames I played recently were the <a href=\"https:\/\/stripe.com\/blog\/capture-the-flag\">Stripe CTF Wargame<\/a> and the <a href=\"http:\/\/io.smashthestack.org:84\/\">Smash The Stack games<\/a>. The first is much more formal and direct, but overall as challenging as the latter. If you truly want to learn how to &#8220;hack&#8221;, but more correctly how to write more secure code, go through the first game. The second is great, but less &#8220;user friendly&#8221; for you to progress through.<\/p>\n<p>Overall, even if you are a young developer new to the field, you should really sit down and take a day to try and go through a couple of levels. The amount you learn and the scope of the challenges are critical to a solid background in software development security. 
Learning about buffer-overflows by name and definition alone is not enough; one really has to go above and beyond to master such a complex subject.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A while back I wrote about a well written web-application security course developed and hosted by Google, called Gruyere. Since then, I&#8217;ve been wanting to learn more about system security and classic exploits like buffer-overflows or malicious shellcode. Though I&#8217;ve &hellip; <a href=\"https:\/\/www.cores2.com\/blog\/?p=186\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-186","post","type-post","status-publish","format-standard","hentry","category-news_updates"],"_links":{"self":[{"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=186"}],"version-history":[{"count":0,"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/186\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cores2.com\/blog\/index.php?rest_route=%2Fwp%
2Fv2%2Ftags&post=186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}