Welcome to my channel, my name is Hitesh Patra, but in the InfoSec community, I go by the alias DEVINER.
I am a Security Engineer, Bug Hunter, and Red Teamer at heart. I am here to share my knowledge and simplify certain aspects of Cyber Security with all of you. You can expect to find a variety of content on my channel, all related to Cyber Security.
Thank you for joining me on this journey and I hope you will find my content informative and helpful.
I am so confused 😕 I came across this video on accident is this a vulnerability with Dan or what does this due to domains on Dan in simple terms, thank you very much
Quick Question : I was using CTFd to host a CTF. I deleted some users' points, and now I want to get the timestamps of the submissions that were deleted from the teams. How can I do it?
Hey, just a quick question. Do you propose deployment using docker or the standard way? Also is it really required to set up a cache server to handle the data say for example 30 users trying to access it simultaneously. Thanks!
Hey, for 30 users you won't need a cache server; when you are dealing with a large number of users - say 1k+ - then you would need a cache server. I would recommend going with docker deployment, because it's easy to set up and easy to debug.
Hello sir, thank you so much for this video. I have to ask one thing. I have to conduct a CTF in college and I'm expecting participation of 200 users. Can I do it using an Azure virtual machine?
Yo! I'm currently going to set up a CTF with Google Cloud, and I'm expecting 30-50 people to attend. What option on Google Cloud would you recommend for this kind of usage? It's only going to be active for 1 day @screwedpanda
@screwedpanda Thanks for making the video. My school club is thinking about making a CTF platform using CTFd and I am in the beginner stages of doing research for it. Right now, I got ctfd running on localhost and made a simple trivia challenge, but I am looking for challenge ideas as well as information on making a custom theme for CTFd! Do you have any resources?
Hey! Thanks for making this, it was VERY helpful. My college is hosting a CTF using ctfd, I'm new to all this, will this method count as hosting, i.e. can an external device also connect to this if I give them the IP? Also, is it worth it to host it using the $50 plan ctfd offers? I mean we won't really get more than a 1000 users and we just want to host it for 24h so the $50 for the whole month seems like a wastage. Moreover, this method seems secure because we have frequent power cuts so it could be trouble if we set it up on our own PCs. Can you please explain these, I seriously need help with this. 🙏🙏🙏🙏
Hey Man, Glad it helped!! If you don't have a huge user base and more than 24h then don't go with the $50 plan, instead you can get a VPS from GCP or Digital Ocean for free when you sign up on them. Use this link for Digital Ocean - m.do.co/c/47cd3b412bb8 . This will give you 200$ free credit for 60 days, and follow the same process that I show in the video, you will be good to go :)
Hei, do you have any idea why the nice graph isn't showing on my Scoreboard page? It only shows the users, score, visibility. But not the nice graphic/chart. Thx
Thank you so much for producing POCs, it really helped me to know about how an attacker attacks in a real-world scenario. Keep producing such content. It would be better and become more interactive if you could come up with a webcam.
Dear Sir, Please do cover these crucial topics also. Like... How to bypass Drupal CMS. How to bypass WAF protection that stops HTML, SQL, and XSS injection payloads? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc. How to bypass WAF using SQLMAP. How to find hidden vulnerable parameters and endpoints inside the .js files? How to find hidden admin panels & cPanel and WHM panels. Please cover these important topics. Thanks
Note: At 02:16, when I say it got executed with Blind XSS and was not executing any kind of Normal XSS. The whole point of trying a Blind XSS payload here is because there was some validation of executing JavaScript with normal XSS payloads like alert, prompt, confirm. This anyways doesn't have much impact as the blind XSS payload gets executed in self session. But, as there were restrictions on certain normal XSS payloads, that's when I tried with a blind XSS payload, which worked. If you need more clarification, feel free to contact :)