noshitsecurity

sincera's pandora

Dinosaur Helpdesk System



Welcome to NoShitSecurity, a place for you to find your foothold in the cybersecurity industry.

Our challenges feature everything from simple cipher suites and steganography to advanced binary exploitation and shellcode– not to mention black boxes built on cutting-edge cloud architecture to help you practice like a pro. Our course and challenge architects are incredibly capable, and always ready to help you learn.


Everything you will need to complete our current challenges is listed below


Click here to open a tab to the CyberChef suite of tools; pin this tab
Click here for our essential terminal resources (Special thanks to Nate Landau)
Click here to snag a copy of Karkinos; use this like CyberChef
Click here for the Photopea image processor (like Photoshop)
Click here for Rick DeJager’s Stegseek, the world’s fastest steghide cracker
Click here for Pedro Augusta’s PNG steganography online tool
Click here for Chiragh Arora’s article covering EXIFtool features and usage
Click here for Dheeraj Gupta’s article covering Steghide features and usage
Click here for Vivek Gite’s comprehensive guide to the Unix “dig” utility
Click here for information about PGP and cryptography in general
Click here for information about the Wireshark protocol analyzer
Click here for information about Binwalk from ReFirm Labs
Click here for information about Nmap from Gordon Lyon

Click here for FinalRecon – The last recon tool you’ll need


Glossary of techniques and concepts used in our challenges


Obfuscation is a method of encoding things; usually very easy to reverse (ROT13, ROT47, Base64)

Symbol replacement encryption means that the symbols require a cipher or key to understand

The Vigenère Cipher was considered the greatest advancement in cryptography in over 1000 years

The process of encrypting and decrypting messages involves keys; it works forwards and backwards

Techniques for designing and implementing algorithm designs are called algorithm design patterns

In symmetric-key cryptography, a single key is used to encrypt or decrypt a body of data

In public-key cryptography, one key decrypts or verifies what the other key encrypts or signs

Steganography is the practice of concealing a message within another message or a physical object

Challenge Authentication Protocol (CHAP) requires you to encode a string with a known secret

CHAP can be used alongside public-key infrastructure to securely create an encrypted TLS tunnel

Triple DES with three independent keys is still in use today by the electronic payment industry

The One-Time Pad is a version of old military technology (1882) that is still in use today

A Vernam cipher whose key is as long as the message becomes a one-time pad, a theoretically 
unbreakable cipher

Digital forensics is a branch of forensic science encompassing the recovery and investigation 
of material found in digital content or devices

Open-source intelligence (OSINT) is a multi-factor (qualitative, quantitative) methodology for 
collecting, analyzing and making decisions about data accessible in publicly available sources 
to be used in an intelligence context


Check back for more information as it becomes available


If you are having trouble with your physical key, please contact support@noshitsecurity.com