Articles written by Matteo Garza

Hack the Box Experience

How to prepare a white-box hacking workshop and live happily ever after

Alessio Giorgianni, Matteo Garza

2 minute read

After the successful experience of having a code challenge in March 2024, we decided to go further in delivering experiences to our colleagues.

Scouting around, I turned to Alessio Giorgianni, a developer with a passion for white hat hacking competitions. We agreed to try an experience using a platform called Hack the Box. Hack the Box Academy offers lots of information and training about IT security and, in our case, some exercises we can use for hacking dummy applications, with a whitebox example (i.e., an example where all the code is disclosed to us; there are also other kinds of pentest). We agreed upon using a non-trivial quest called Jerrytok. Jerrytok is a WAPT (Web App Penetration Testing) whitebox challenge. We got a simple web application, written in PHP, which demonstrates the harm of using template engines improperly. It's a good introduction to SSTI, Server-Side Template Injection.

Venerdì Protetto | March edition

Shall we play a game? What about a nice Code Challenge?

Matteo Garza, Ana Radujko

4 minute read

During the latest Venerdì Protetto (held on March 8, 2024), we had to slightly change the schedule we'd planned. We had to face a new schedule with very strict time constraints. So we decided to… do something new, and try a Code Challenge!

But how did we do it?

We searched the internet for something ready-made that best suited our needs. So we tried the most obvious solution and went for… Advent of Code!