Recent Posts:

Breaking the Competition (Bug Bounty Write-up)

In this post, I'll be describing how I found 5 bugs on a private HackerOne program. The website that I attacked was a new CTF hosting provider, and I had actually participated in a CTF using this provider prior to being invited to their private program. [Read More...]

BLK_BOX Challenge Write-up

Around 6 months ago, HMGCC released a challenge and offered a challenge coin to anyone who completed it. I started pretty late on, but managed to get it done in time. This consisted of 7 stages, ranging from reverse engineering to traffic analysis. At the time of writing, you can still have a go yourself here. [Read More...]

Sunshine CTF 2019 Write-up

At the end of March this year, [email protected] released a CTF in collaboration with BSides Orlando 2019. Our team ended up coming 13th, narrowly missing out on a top 10 spot. You can find the homepage for this CTF here. [Read More...]

StegOnline: A New Steganography Tool

Over the last couple of months, I have been developing an online image Steganography tool designed to combine and enhance the features of other separate tools. It's open-source and due to the nature of Angular, it's easy to add to. [Read More...]

Secnotes Write-up (HTB)

TL;DR: SQLi & WSL Escape | I did this box a few months ago, so the commentary on it may be a little rusty. It's clear that it was popular, since it wasn't voted out for so long. The main attack vectors in this were SQL Injection through the login field, and then escaping through cleartext passwords in the Windows Subsystem for Linux. [Read More...]

Waldo Write-up (HTB)

As opposed to the more generic two-stage boxes, Waldo was unique in that there were three challenges to overcome, and each had completely different methods needed to do so. Whilst the third stage was a little tedious and hard to explain, I learnt about some small Linux functions that I never knew existed before. [Read More...]

Bounty Write-up (HTB)

TL;DR: .config webshell & Metasploit Privesc. | In this box, I wasted a lot of time trying to get an initial foothold, since it's rare to have to perform so many different dirb scans in order to find anything useful. However, once I worked out what I had to do, the box was both fun and interesting. Since I don't know much about Microsoft Server security, Windows boxes are always a challenge to complete. [Read More...]

Union SQLi Challenges (Zixem Write-up)

I've always avoided learning more about SQL Injections, since they've always seemed like quite a daunting part of Infosec. Because of this, I finally decided to put in some time to an SQLi-focused wargame in order to sharpen my skills a little. You can find the challenges at the website below: [Read More...]

DevOops Write-up (HTB)

TL;DR: XXE & Git Reverts. | While DevOops is known to be fairly easy, it was still good practice and fun to do. While I have seen both the same user and root methods in other CTFs before, they were both presented well, and overall the box was very well-structured. [Read More...]

Last updated at: 2020-06-26 10:09:30.571657