Posts

Writeup: Timbershade - TRAFFIC ANALYSIS EXERCISE

3 minute read Published:

I had already solved one exercise from @malware_traffic's website about network traffic related to malware infections. I have been slow to pick a new exercise from the very long list but I chose Timbershade and it was a lot of fun! Short one, but learned a lot once again.
Malware Traffic Analysis @malware_traffic's blog has a lot of knowledge so I highly recommend bookmarking it somewhere. The real treasure is of course the amazing exercises page. Depending on the exercise, you get a pcap and other files. The pcap file is a traffic capture which we can analyse in Wireshark to find out where things went wrong! Being able to effectively analyse traffic is a very important skill for the security of any organisation.

HTB Write-up: Bastion

4 minute read Published:

Bastion just retired this weekend on HackTheBox.eu so I thought I would do a short write-up of what I learned during this Windows box.
The Bastion Windows box retired this weekend on HackTheBox. It was a Windows box, quite easy to solve, but I learned a lot along the way. It’s my first write-up of a HTB box so it might not be the best, but hopefully it will be a nice summary! We learn about SMB, mounting a VHD in Linux, stealing Windows hashes, cracking them with John, and exploiting a program for privesc.

Writeup: TRAFFIC ANALYSIS EXERCISE

4 minute read Published:

Found the great website of @malware_traffic about network traffic related to malware infections. This is a subject that interests me a lot so I thought I would give the exercises a try and see if I can find something!
Malware Traffic Analysis @malware_traffic’s blog has a lot of knowledge so I highly recommend bookmarking it somewhere. The real treasure is of course the amazing exercises page. Depending on the exercise, you get a pcap and other files. The pcap file is a traffic capture which we can analyse in Wireshark to find out where things went wrong! Being able to effectively analyse traffic is a very important skill for the security of any organisation.

Upload enumeration tools to a Linux server

3 minute read Published:

One of the first things I was asking myself at my very beginning, when finally getting access to a Linux server, was 'How do I even upload the enumeration tools to do the privilege escalation?'. I got the question from someone who was beginning on HTB recently, so this short article might help.
Privilege Escalation (privesc) When getting access to a server, either during a CTF or a pentesting assignment, you will probably have limited access to the server itself, probably because you accessed it through a compromised user. Your goal is to find a way to become root, which would give you unlimited access to the server and the running programs. See, developers and sysadmins can make mistakes and have programs running with the wrong settings.

i18 Challenge - Part 2

4 minute read Published:

Here is the second part of the i18 CTF with 4 more challenges. This time I learned about Reverse Engineering, DNS lookup, more RE, and finally some steganography that ended up not working.
5: Lett fluidmekanikk An executable file. Clue one: the program also accepts the password as an argument. Clue two: the password exists (perhaps) in a dictionary. We get an executable file asking for a password. Enter the wrong one and it quits. I’m a complete beginner in Reverse Engineering but I have enjoyed a few tutorial videos, so let’s jump right in with Immunity. When you open the file, right-click and View module ‘crackme’.