Cyber Blog​

Summary Docker images offer many benefits, they can also present challenges for developers and security professionals who need to...

Enumerating Docker Registries

Docker containers are like book chapters while VM's are the entire book.

Engagement Flow Summary This was an amazing lab with a narrow attack surface requiring many steps. The initial portion of the user phase...

Enumeration Summary This machine initially required subdomain enumeration which opened the door for a new attack surface that was...

Hard Disk Layout du -h --max-depth=1 - Total space taken by each directory du -h --max-depth=1 /usr - Total space taken up individually...

Engagement flow Enumeration We start off with a standard enumeration phase where we have a narrow attack surface. We know this will...

Task 1 - Introduction The first task is fairly simple so I will elaborate on OpenVas. The OpenVas project was born in 2005 when the...

References: https://python-poetry.org/ https://github.com/python-poetry/poetry https://python-poetry.org/docs/...

References https://www.greenbone.net/en/notus/ https://www.greenbone.net/en/new-vulnerability-scanner-notus/ https://www.greenbone.net/en...

Engagement flow Enumeration Port discovery Web enumeration apk download Browsing to the website we see options for a download and a get...

PHP, RCE, Reversing, File System, Forensics, Attacks/Weak Password, Attacks/Backdoor

#Wordpress #CMSExploit #LFI #CVE

Pre-amble The focus of this hands on lab will be an APT scenario and a ransomware scenario. You assume the persona of Alice Bluebird, the...

These are my writeups for the tenable CTF Forensic category. This challenge presents us with a pdf document containing redacted...

Welcome Google will run the 2021 CTF competition in two parts: an online jeopardy-CTF competition, and second contest open only to the...

Topics: Python, CVE, Sudo Exploitation, sub domain enumeration, Exiftool, file upload, ssh keys, pspy, custom script, image magick,

#PHP #CMS Exploit #SQLi #CVE #SUID #SQL #RCE

Javascript, Source Code Review, Git, Weak Authentication, OS Command Injection, SUID, Auth failure.

The attached PCAP belongs to an Exploitation Kit infection. Analyze it using your favorite tool and answer the challenge questions....

Work flow Summary Another easy machine that required several twists and turn along the way to root. Starting off with a narrow attack...

Scenario: An accountant at your organization received an email regarding an invoice with a download link. Suspicious network traffic was obs

Docker, API, CVE, RCE, Golang, Source Code Review, Git abuse, LFI, cmd injection.

SCP File injection, MITM - Responder, NTLM, evil-winrm, printer nightmare.