RSS Security

not so pro

Offensive Operations in Active Directory #1

—
Scatter the (h)ashes... - Greetings fellow hackers! Last here, today we will take a look at a well known technique used by attackers in AD environments, the infamous overpass-the-hash. β€œBuT lAsT, pAsS tHe HaSh iS sO 1997!11!1!!” you could say. And you would be right, partly. Time for an anecdote! It was the beginning...
not so pro

Offensive Operations in Active Directory #0

—
Taming Kerberos and making it our loyal companion - To my good friend Vito and to the league of evil men. Let’s do some black wizardry, shall we? There is a well known thought experiment that makes one wonder whether a tree falling in a forest, with no one around to hear the sound of it hitting the ground,...
not so pro

Tactical Debriefing - Offshore

—
Lessons learned by pwning the Offshore pro lab by HTB - Greetings everyone, last is back! So, on the 28th of September I played the RomHack CTF with my fellow mates from JBZ and we arrived third, thanks to a flag submitted at the last second (a typical CTF tactic to make the other teams relax and then pwn them at...
not so pro

My (ongoing) path to cyber security.

—
It's not about the destination, it's about the journey - Let’s track this from the beginning. Why am I writing this piece? The answer is at the end of the post (go there for a tl;dr). On this blog I usually stick to technical posts because that’s what I feel like doing, teaching other people things I’m still learning to...
not so pro

Attacking and Defending Active Directory course review

—
Active Directory attacks, from zero to hero - Introduction It’s been almost two weeks since I took and passed the exam of the Attacking and Defending Active Directory course by Pentester Academy and I finally feel like doing a review. I was very excited to do this course as I didn’t have a lot of experience with Active...
not so pro

Introduction to angr Part 3

—
Symbolic (dynamic) memory FTW! - I need a holiday. WTF am I doing here now? 4AM in the morning, mindlessly staring at a computer screen, tricking myself into thinking I’m actually learning something. I should probably go for a run(?) or learn to play an instrument(??) or probably just sleep like normal people do(???). No,...
not so pro

Introduction to angr Part 2.1

—
Same shit, other day? - I told you in the last post we would have tested angr on a reverse engineering challenge different from the ones we’ve seen so far in angr_ctf. Since I’m a lamer lazy person I did not want to completely reanalyze a new binary so I went for the one we...
not so pro

Introduction to angr Part 2

—
Jarvis, sometimes you gotta run before you can walk - Searching on Google how to combat writer’s block and blank page fear? Check. I really don’t know how to start this time, probably because I’m distracted so let’s dive right into it. In the last post we learnt how to inject a symbolic bitvector inside a register using angr and...
not so pro

Introduction to angr Part 1

—
You need to learn to walk before you can run - In the zeroth part of this series we learnt how to perform some very basic symbolic execution of a simple binary. This time we are going to talk about symbolic bitvectors and how to avoid unwanted states to reduce execution times. We are going to skip the challenge 01_angr_avoid as...
not so pro

Introduction to angr Part 0

—
Baby steps in symbolic execution - I need a holiday. I definitely need one. But what’s the point in going on vacation if you never learned how to use angr in a CTF? Wait, you are telling me this is not a reason not to go on vacation? Well, too bad, you should’ve told me before...
not so pro

Enigma 2017 Crackme 0 Writeup

—
Reverse engineering with Binary Ninja and GDB - Yesterday I bought the commercial edition of Binary Ninja and I wanted to test it out so I went looking for some interesting reverse engineering challenges. Since I SUCK at reverse engineering I decided to go for a simple crackme from the 2017 edition of the Enigma CTF called Crackme...
not so pro

GRIP v0.1

—
Go RIP Injection Program - It has been in my mind for quite some time to learn Golang and write some pentesting-oriented tools lately. I’ve finally made up my mind and wrote a tool to inject fake RIPv2 routes in a network in Go that I called Golang RIP Injection Program (or GRIP for short)....
not so pro

Securing Your Macbook Part 3

—
2FA at login: using Yubikeys as a second authentication layer - Introduction Quick recap of what we saw in the first and second parts of this series. We started out by seeing how to setup your Macbook so that only one account is allowed to decrypt FileVault2, effectively creating two different passwords for mass storage decryption and user login authentication. After...
not so pro

Securing Your Macbook Part 2

—
Separating Privileges (2): different accounts for different privilege levels - Introduction Quick recap of what we saw in the last post. In the first part of this series we saw how to create a new user and allow only him to unlock FV2. This effectively allows having different passwords for FV2 decryption and user authentication. In this short post we...
not so pro

Securing Your Macbook Part 1

—
Separating Privileges (1): different passwords for decryption and authentication - Introduction This is a blogpost series on how I keep my Macbook insecure. These posts take a lot from the following resources so kudos to them first: macOS Security and Privacy Guide Configuring macOS Sierra to authenticate with YubiKey 4 The idea behind this is to make it impossible very...
not so pro

Hello world!

—
Ok so, this is not much actually, just a silly hello world (tbh, I’m keeping it so I remember how to put images in posts in the homepage) This is how I will highlight important stuff in posts: NOTE: this is a note, I'll use it to make things clearer...