Same shit, other day? - I told you in the last post we would have tested angr on a reverse engineering challenge different from the ones we’ve seen so far in angr_ctf. Since I’m a lamer lazy person I did not want to completely reanalyze a new binary so I went for the one we...

Symbolic (dynamic) memory FTW! - I need a holiday. WTF am I doing here now? 4AM in the morning, mindlessly staring at a computer screen, tricking myself into thinking I’m actually learning something. I should probably go for a run(?) or learn to play an instrument(??) or probably just sleep like normal people do(???). No,...

Active Directory attacks, from zero to hero - Introduction It’s been almost two weeks since I took and passed the exam of the Attacking and Defending Active Directory course by Pentester Academy and I finally feel like doing a review. I was very excited to do this course as I didn’t have a lot of experience with Active...

It's not about the destination, it's about the journey - Let’s track this from the beginning. Why am I writing this piece? The answer is at the end of the post (go there for a tl;dr). On this blog I usually stick to technical posts because that’s what I feel like doing, teaching other people things I’m still learning to...

Lessons learned by pwning the Offshore pro lab by HTB - Greetings everyone, last is back! So, on the 28th of September I played the RomHack CTF with my fellow mates from JBZ and we arrived third, thanks to a flag submitted at the last second (a typical CTF tactic to make the other teams relax and then pwn them at...

Taming Kerberos and making it our loyal companion - To my good friend Vito and to the league of evil men. Let’s do some black wizardry, shall we? There is a well known thought experiment that makes one wonder whether a tree falling in a forest, with no one around to hear the sound of it hitting the ground,...

Scatter the (h)ashes... - Greetings fellow hackers! Last here, today we will take a look at a well known technique used by attackers in AD environments, the infamous overpass-the-hash. “BuT lAsT, pAsS tHe HaSh iS sO 1997!11!1!!” you could say. And you would be right, partly. Time for an anecdote! It was the beginning...

Quick primer on how to setup and use dnscat2 - dnscat2 uses a client server architecture to tunnel traffic via UDP and/or DNS queries. It can be used to bypass firewalls and execute commands on the machine running the client. It can also be used to to tunnel traffic from the server to the internal network of the client through...

The difficult relationship between nihilism, cybersecurity professionals and Being-A-Dick behaviour - Disclaimer: if you are looking for a strictly technical article, the ones I usually write, you will be disappointed. This blogpost is mainly my two cents on the way we, cybersecurity professionals, usually deal with situations, organizations and people, both techies and non-techies. Introduction A few days ago, I was...