Cyber Blog​

We will be tackling the vulnerable application for the THM buffer overflow challenge level 1. Configure Mona Mona is a script that helps...

Summary This was a great machine involving guided routes for the initial access to the machine, without many rabbit holes. From here we...

This machine largely involved the enumeration of a git repository and flask application running on a couchDB. Writing a python script...

Overview This machine features an IT departments ticketing system that allows you to gain access by registering for a new account out of...

This was a fun pcap & wireshark challenge that involved a good initial investigation eventually leading to several HTTP files named...

Data exfiltration is a constantly evolving threat. I wanted to dive in deep on exfiltration techniques such as DNS exfiltration.

This is my writeup for a format string vulnerability, that we exploit to read data off the stack.

This was a simple reverse engineering challenge, however because I am not a developer full time I had to pull in one of my team mates to...

There is a handy tool that can allow anyone with a user level unprivileged SSH connection to create a VPN tunnel with little overhead....

Command Injection 101

This is a great machine that involves identifying WordPress vulnerabilities and leveraging burpsuite.

A machine featuring Server side template injection and exploiting Slunk Forwarders.

Jigsaw Ransomware Analysis In this blog we are analyzing Jigsaw ransomware through both static and dynamic approaches with the end goal...

This machine was largely focused around using openssl to custom craft a malicious SSL self signed certificate to gain unauthorized access.

This challenge deals with cookie manipulation and encoding.

This machines forces critical thinking of DNS records and name lookups. With module injection to finish it off.

Newark Academy CTF (NACTF) is an online jeopardy-style cybersecurity competition hosted by Newark Academy's Computer Science Club. Form...

Frolic had few open ports but many paths to exploitations. A ROP is required - be warned.

We get our foot in the door with open SMB shares and reverse engineer and encryption binary to take it all the way home.

Resolute is a difficult but straight forward machine involving LDAP enumeration, and DLL injection.

Powerful tools and techniques to employ Identity Access Management with Windows Server Roles/Features

This was the first Web Challenge from Google CTF, involving XSS and cookie stealing.

This was a particularly hard machine that covered subdomain discovery, LFI, scripting, and reverse engineering.

https://cybrics.net/ CyBRICS is a computer security competition (CTF) organized in a cross-university effort by BRICS countries academia....