Blogs

Almost three years ago we wrote about using GitHub for providing a sort of HTTPS wrapper around our StatusCake status pages. StatusCake does provide HTTPS status pages, but their free plan only offers URLs like https://uptime.statuscake.com/?TestID=4TC8WjmZ8X and we wanted to use our own sub-domains like https://status.hackthissite.org. Our domains use HTTP Strict Transport Security (HSTS), which enforces HTTPS on all sub-domains, so our status page URLs would also require an HTTPS protocol. We originally used a VPS to serve the HTTPS status sub-domains (fi...

Status pages are important for maintaining a line of communication with your users in the event of a loss of services. We do this both via Twitter and our status page. Over the years we have maintained these status pages in one form or another. This varied from custom-generated output from a parsed Nagios status.dat file, to a Cachet site, to (currently) StatusCake pages.

Through all of these iterations we always had to host this somewhere, itself a single point of failure, usually a tiny VPS with a different provider. The last and current one, StatusCake, while a cloud provider, also required a self-maintained VPS due supporting only HTTP (not HTTPS) for our status sub-domains. Some of our domains use HTTP Strict Transport Security (HSTS), which enforces HTTPS on all sub-domains, so their solution wouldn't work out of the box. This meant we had to run a...

Shout to all those that participated under the HackThisSite flag. We finished 81st out of 1492 teams!

Great work everyone! There was an amazing turnout for this event. We will be participating in a lot of CTFs this year of varying skill levels. Keep your eyes open for upcoming event announcements!

HackThisSite IW-CTF 2016 Team Members:
Ninjex, Ayr3s, missingRemote, mShred, Pure'Cadence, Zylopfa, stoneman, LiquidLemon, NETWORKsecurity, rained, Skyfa11, limdis

What's up guys. I'm ready to fire this course up again. This time with a bit more involvement and additional projects for you to practice and hone your skills on. If you have never heard about Metasploit before I highly encourage you to check it out. This course is more than simply reading about exploits. You will actually be performing them! The goal is to provide you with the opportunity to really dive into penetration testing, and learn together with others. If you have ever wished that someone took you under their wing and teach you, this is as close as you will get.

I want to officially kick this off Saturday, the 11th of April. If you wish to participate in a group setting join us via IRC in #metasploit. Alternatively, you may ask questions and post comments here in this thread. All content is public and is available at anytime so you are free to learn at your own pace.

For more information: See here

There were many outstanding candidates and we conducted several interviews. It was a tough decision but the Security News position has been filled. Thanks to all that applied!


~HTS Staff