Donald Ashdown
WireShark - Pico CTF - twoo twoo - 100 points
This was a fun pcap & wireshark challenge that involved a good initial investigation eventually leading to several HTTP files named...
top of page
Search
Donald Ashdown
- Jun 1, 2021
Data Exfiltration with DNS
Data exfiltration is a constantly evolving threat. I wanted to dive in deep on exfiltration techniques such as DNS exfiltration.
Donald Ashdown
- May 26, 2021
Binary Exploitation - PicoCTF- Stonk - 20 points
This is my writeup for a format string vulnerability, that we exploit to read data off the stack.
Donald Ashdown
- May 9, 2021
justCTF 2020 - That's not crypto
This was a simple reverse engineering challenge, however because I am not a developer full time I had to pull in one of my team mates to...
Donald Ashdown
- Apr 25, 2021
What if SSH could VPN?
There is a handy tool that can allow anyone with a user level unprivileged SSH connection to create a VPN tunnel with little overhead....
Donald Ashdown
- Mar 14, 2021
OWASP Top 10 - OS Command Injection
Command Injection 101
Donald Ashdown
- Mar 7, 2021
HTB Tenten
This is a great machine that involves identifying WordPress vulnerabilities and leveraging burpsuite.
Donald Ashdown
- Mar 4, 2021
HTB Doctor
A machine featuring Server side template injection and exploiting Slunk Forwarders.
Donald Ashdown
- Jan 16, 2021
Jigsaw Ransomware Analyses
Jigsaw Ransomware Analysis In this blog we are analyzing Jigsaw ransomware through both static and dynamic approaches with the end goal...
Donald Ashdown
- Jan 13, 2021
HTB LaCasa De Papel
This machine was largely focused around using openssl to custom craft a malicious SSL self signed certificate to gain unauthorized access.
Donald Ashdown
- Jan 3, 2021
THM, Advent of Cyber2, Web Exploitation - Task 6
This challenge deals with cookie manipulation and encoding.
Donald Ashdown
- Dec 5, 2020
HTB Friend Zone
This machines forces critical thinking of DNS records and name lookups. With module injection to finish it off.
Donald Ashdown
- Nov 30, 2020
NA CTF - Forensics/Web & General
Newark Academy CTF (NACTF) is an online jeopardy-style cybersecurity competition hosted by Newark Academy's Computer Science Club. Form...
Donald Ashdown
- Nov 15, 2020
Hack the Box Frolic
Frolic had few open ports but many paths to exploitations. A ROP is required - be warned.
Donald Ashdown
- Oct 27, 2020
Hack the Box Nest
We get our foot in the door with open SMB shares and reverse engineer and encryption binary to take it all the way home.
Donald Ashdown
- Oct 13, 2020
Hack the Box Resolute
Resolute is a difficult but straight forward machine involving LDAP enumeration, and DLL injection.
Donald Ashdown
- Sep 13, 2020
Identity Access Management With Windows Server
Powerful tools and techniques to employ Identity Access Management with Windows Server Roles/Features
Donald Ashdown
- Sep 6, 2020
Google CTF 2020 Web Challenge - Pasteurize
This was the first Web Challenge from Google CTF, involving XSS and cookie stealing.
Donald Ashdown
- Aug 31, 2020
Hack The Box Forward Slash
This was a particularly hard machine that covered subdomain discovery, LFI, scripting, and reverse engineering.
Donald Ashdown
- Aug 25, 2020
CyBRICS CTF
https://cybrics.net/ CyBRICS is a computer security competition (CTF) organized in a cross-university effort by BRICS countries academia....
Donald Ashdown
- Aug 20, 2020
Information Disclosure With Port Swigger
In this blog, I am going over the Information Disclosure labs offered by port swigger. Although the exploitation of information...
Donald Ashdown
- Aug 18, 2020
OWASP Juice Shop Level
OWASP Juice Shop is a intentional insecure web application designed for skill development and training in web application security.
Donald Ashdown
- Aug 11, 2020
Web Cache Poisoning Unkeyed Header
Web cache poisoning is the process of modifying cached web pages on a server.
Donald Ashdown
- Aug 10, 2020
Bounty - Hack The Box
Bounty is a straight forward machine. Uploading and utilizing a web shell is the biggest learning point here.
bottom of page