RingZer0 Team created a site that hosts many different challenges such as reverse engineering, forensics, crypto, and many others. These challenges have helped me learn new tools and get exposure to low end parts of the computer.
One of the challenges I completed required reversing a randsomware that encrypted a MBR. After the MBR has been retrieved it needs to be reversed to find the password to boot up the system. This taught me how to get around simple anti-reversing techinques and reversing 16bit code.
This is an attack similar to the We Got Breached challenge, except this time we only get the activity logs. This challenge can be solved 2 ways, using the time difference between queries or through number of bytes returned.
This challenge was a SQL injection attack on a mysql server. It was interesting to see since it was able to extract data from the database while only knowing if a query returns true or false. It works by using MID() to get a letter from the query returned and then converting to ascii code with ORD(), and comparing to a guess from the attacker. This lets the attacker know if the char is above or below the current guess. Once one char is found, then the attacker moves to the next char.