⛏️Picking a challenge/target subject
Picking a subject may vary from person to person; however, picking a challenge or target subject for me usually involves one or more of the following:
Inspirational: Sudden inspirations of obscure and crazy scenarios that do not always make sense or cannot always be implemented. For example, you read something and it triggers an idea for something else...
Wise-ass/What if/Don't do: This is a particular category that I think not a lot of creators pay attention to. This has to do with testing assumptions and warnings to identify the extent of a security incident.
Research: I am interested in researching an area or technology out of personal interest. Developing a target based on what I learned during my research is a good way to make sure I don't forget what I learn (not always successfully, but you get the idea).
Vulnerability/CVE: There is a major vulnerability being reported that, for some crazy reason, I feel needs to be on our platform, and thus a new target is born.
Inspirational
Wise-ass
There are certain types of challenges that I like to call wise-ass. These are based on what ifs and don'ts.
We all know that having a database accessible to the internet is bad, but what if it was accessible? These types of challenges try to address what happens then.
What are some of the damages that could be sustained?
What are their security implications on the system?
Under which circumstances does this become an actual attack vector?
These types of challenges help educate users and creators in cyber security policies, with a better understanding of the consequences.
Research
Vulnerabilities/CVEs
You don't always have to go out of your way to create elaborate and smart scenarios for your challenges. Most of the time, the vulnerabilities and CVEs that are reported online provide enough material to help you create a challenge in a matter of seconds.