Normal view

There are new articles available, click to refresh the page.
Before yesterdaynot so pro

Avoiding B.A.D. behaviour

11 June 2022 at 22:00
The difficult relationship between nihilism, cybersecurity professionals and Being-A-Dick behaviour - Disclaimer: if you are looking for a strictly technical article, the ones I usually write, you will be disappointed. This blogpost is mainly my two cents on the way we, cybersecurity professionals, usually deal with situations, organizations and people, both techies and non-techies. Introduction A few days ago, I was...


13 May 2022 at 22:00
Quick primer on how to setup and use dnscat2 - dnscat2 uses a client server architecture to tunnel traffic via UDP and/or DNS queries. It can be used to bypass firewalls and execute commands on the machine running the client. It can also be used to to tunnel traffic from the server to the internal network of the client through...

Offensive Operations in Active Directory #1

8 May 2020 at 22:00
Scatter the (h)ashes... - Greetings fellow hackers! Last here, today we will take a look at a well known technique used by attackers in AD environments, the infamous overpass-the-hash. β€œBuT lAsT, pAsS tHe HaSh iS sO 1997!11!1!!” you could say. And you would be right, partly. Time for an anecdote! It was the beginning...

Offensive Operations in Active Directory #0

6 May 2020 at 22:00
Taming Kerberos and making it our loyal companion - To my good friend Vito and to the league of evil men. Let’s do some black wizardry, shall we? There is a well known thought experiment that makes one wonder whether a tree falling in a forest, with no one around to hear the sound of it hitting the ground,...

Tactical Debriefing - Offshore

23 October 2019 at 22:00
Lessons learned by pwning the Offshore pro lab by HTB - Greetings everyone, last is back! So, on the 28th of September I played the RomHack CTF with my fellow mates from JBZ and we arrived third, thanks to a flag submitted at the last second (a typical CTF tactic to make the other teams relax and then pwn them at...

My (ongoing) path to cyber security.

5 August 2019 at 22:00
It's not about the destination, it's about the journey - Let’s track this from the beginning. Why am I writing this piece? The answer is at the end of the post (go there for a tl;dr). On this blog I usually stick to technical posts because that’s what I feel like doing, teaching other people things I’m still learning to...

Attacking and Defending Active Directory course review

3 June 2019 at 22:00
Active Directory attacks, from zero to hero - Introduction It’s been almost two weeks since I took and passed the exam of the Attacking and Defending Active Directory course by Pentester Academy and I finally feel like doing a review. I was very excited to do this course as I didn’t have a lot of experience with Active...

Introduction to angr Part 3

9 April 2019 at 22:00
Symbolic (dynamic) memory FTW! - I need a holiday. WTF am I doing here now? 4AM in the morning, mindlessly staring at a computer screen, tricking myself into thinking I’m actually learning something. I should probably go for a run(?) or learn to play an instrument(??) or probably just sleep like normal people do(???). No,...

Introduction to angr Part 2.1

2 April 2019 at 22:00
Same shit, other day? - I told you in the last post we would have tested angr on a reverse engineering challenge different from the ones we’ve seen so far in angr_ctf. Since I’m a lamer lazy person I did not want to completely reanalyze a new binary so I went for the one we...

Introduction to angr Part 2

25 March 2019 at 23:00
Jarvis, sometimes you gotta run before you can walk - Searching on Google how to combat writer’s block and blank page fear? Check. I really don’t know how to start this time, probably because I’m distracted so let’s dive right into it. In the last post we learnt how to inject a symbolic bitvector inside a register using angr and...

Introduction to angr Part 1

24 March 2019 at 23:00
You need to learn to walk before you can run - In the zeroth part of this series we learnt how to perform some very basic symbolic execution of a simple binary. This time we are going to talk about symbolic bitvectors and how to avoid unwanted states to reduce execution times. We are going to skip the challenge 01_angr_avoid as...

Introduction to angr Part 0

19 March 2019 at 23:00
Baby steps in symbolic execution - I need a holiday. I definetely need one. But what’s the point in going on vacation if you never learned how to use angr in a CTF? Wait, you are telling me this is not a reason not to go on vacation? Well, too bad, you should’ve told me before...

Enigma 2017 Crackme 0 Writeup

12 March 2019 at 23:00
Reverse engineering with Binary Ninja and GDB - Yesterday I bought the commercial edition of Binary Ninja and I wanted to test it out so I went looking for some interesting reverse engineering challenges. Since I SUCK at reverse engineering I decided to go for a simple crackme from the 2017 edition of the Enigma CTF called Crackme...

GRIP v0.1

26 January 2019 at 23:00
Go RIP Injection Program - It has been in my mind for quite some time to learn Golang and write some pentesting-oriented tools lately. I’ve finally made up my mind and wrote a tool to inject fake RIPv2 routes in a network in Go that I called Golang RIP Injection Program (or GRIP for short)....

Securing Your Macbook Part 3

23 January 2019 at 23:00
2FA at login: using Yubikeys as a second authentication layer - Introduction Quick recap of what we saw in the first and second parts of this series. We started out by seeing how to setup your Macbook so that only one account is allowed to decrypt FileVault2, effectively creating two different passwords for mass storage decryption and user login authentication. After...

Securing Your Macbook Part 2

22 January 2019 at 23:00
Separating Privileges (2): different accounts for different privilege levels - Introduction Quick recap of what we saw in the last post. In the first part of this series we saw how to create a new user and allow only him to unlock FV2. This effectively allows having different passwords for FV2 decryption and user authentication. In this short post we...

Securing Your Macbook Part 1

20 January 2019 at 23:00
Separating Privileges (1): different passwords for decryption and authentication - Introduction This is a blogpost series on how I keep my Macbook insecure. These posts take a lot from the following resources so kudos to them first: macOS Security and Privacy Guide Configuring macOS Sierra to authenticate with YubiKey 4 The idea behind this is to make it impossible very...

Hello world!

20 January 2019 at 23:00
Ok so, this is not much actually, just a silly hello world (tbh, I’m keeping it so I remember how to put images in posts in the homepage) This is how I will highlight important stuff in posts: NOTE: this is a note, I'll use it to make things clearer...