Break things, write reports

Guessing vs Not Knowing

Guessing sucks.

Tags: rant
Posted: Oct 31, 2020

I recently watched a video by @liveoverflow on YouTube, aptly labelled ‘Guessing vs. Not Knowing in Hacking and CTFs’, at https://www.youtube.com/watch?v=L1RvK1443Yw.

Guessing is pretty boring in CTFs. He calls out steganography challenges outright, which always come down to some crappy tool you never knew about. The tl;dr is that bruting directories is generally a waste of time, and it ultimately comes down to guessing a bunch.

You wouldn’t want to do it for a product assessment, because you’re going to spend all your time bruting things instead of triaging actual issues, and in a CTF it’s a lot of wasted time waiting for gobuster to do its thing.

Food for thought.