The Esquire of Oz

Tumblr's 4th Annual Security Capture the Flag

Thu, 14 Jun 2018 11:36:35 -0400

We’ve hosted an internal Security Capture the Flag (CTF) event for four years in a row now, with each year getting better than the last!

The event

Previously, we were only open to Tumblr employees. This year we decided to extend an invite out to the other teams housed under our parent company, Oath.

All participants had a three hour window to hack, a buffet of tacos, beer, and wine to dive into, and a stack of prizes for the top four players (see Prizes below for details)!

Challenges were available Jeopardy-style, broken down by category. We had eight fun categories to select from:

Auth Bypass (authn | authz)

Cross Site Request Forgery (CSRF)

Cross Site Scripting (XSS)

Crypto

Forensics

Reverse Engineering

SQL Injection (SQLi)

XML Injection (+ XXE)

We also sprinkled a few “inside joke” Easter eggs around the system that awarded bonus points to anyone that discovered them! For example, if they attempted to find a hole in the CTF system itself and navigated to /wp-admin, we’d give them a flag on a prank WordPress page; or perhaps testing to find XSS with a <marquee> tag — only the greatest of all XSS tags!

While the Security Team walked around and helped out, we also setup a mini lockpick village just because.

Keep reading

pcwt: GIRO’18 Stage 3: Double Eilat TelaViviani! Elia...

Tue, 08 May 2018 12:59:17 -0400

pcwt:

GIRO’18 Stage 3: Double Eilat TelaViviani!

Elia Viviani (Quick-Step Floors) took his second consecutive sprint win at the Giro d'Italiaduring stage 3 in Eilat, using his bike skills to push back as Sam Bennett (Bora-Hansgrohe) tried to close the door along the barriers.

Rohan Dennis (BMC) kept the race leader’s pink jersey after finishing in the peloton and surviving the nervous finale in the Negev desert. Victor Campenaerts (Lotto Fix All) lost time in the finale and so Tom Dumoulin (Team Sunweb) is second at one second. José Gonçalves (Katusha-Alpecin) moved up to third at 13 seconds.

The Giro comes to the Northern Negev.

Tue, 08 May 2018 12:57:03 -0400

The Giro comes to the Northern Negev.

rollersinstinct: The route for this year’s Tour de...

Tue, 18 Oct 2016 15:27:30 -0400

rollersinstinct:

The route for this year’s Tour de France.

No cobbles in the TdF next year. This looks like a tour which will favor the climbers who know how to time trial.

socialpeloton: Congrats to @petosagan @markcavendish...

Mon, 17 Oct 2016 10:42:19 -0400

socialpeloton:

Congrats to @petosagan @markcavendish @bomtoonen 🚴🚴🚴💨💨💨
..
#Repost @ucidoha2016
・・・
Men Elite Road Race #UCIDoha2016
1. 🇸🇰 Peter Sagan 🏆
2. 🇬🇧 Mark Cavendish
3. 🇧🇪 Tom Boonen
..
..
..
#socialpeloton #cycling #велоспорт #ciclismo #cyclisme #procycling #doha2016 #petersagan #sagan #markcavendish #cvndsh #tomboonen #uci #roadcycling #cyclist #worldchampion #qatar (at The Pearl-Qatar)

The Sag man is doing his thing!

pcwt: TDF TOP 10 - GC CONTENDERS Some have already tasted...

Tue, 28 Jun 2016 14:27:55 -0400

pcwt:

TDF TOP 10 - GC CONTENDERS
Some have already tasted glory, some are the hope of a whole nation and some will discover the Tour for the 1st time… but all of them are dreaming about the yellow jersey! Who’s your favorite?

‪ #TdF #TourdeFrance #LeTour #ViveleTour #MaillotJaune #TDF2016 