Cookie Consent by

All Posts by Category

reverse-engineering (3)
  • NSEC 2020 - Dreamcast

    Walkthrough of the two Dreamcast challenges from NorthSec 2020. Starting with a quick overview of the Dreamcast architecture then quickly pivoting into analyzing the provided roms follow along as I cover my approach and solution to the challenges.

  • NSEC 2020 - Crackme

    Walkthrough of the 6 crackme challenges from NorthSec 2020. With increasing difficulty, and not necessarily with the reversing portion itself, I was able to finish all 6 for my team. Follow along as I step through my solutions and add...

  • Buffer Overflows - CTF Prep

    A practical buffer overflow case study presentation to our local red team explaining basic concepts and approaches.

hack-the-box (18)
  • Hack the Box - Registry

    HTB Registry machine walkthrough. Working with insecure Docker credentials we manage to extract a SSH key and corresponding password crumbs for an initial user foothold. Following that access we find a sqlite file containing Bolt CMS admin credentials. Logging into...

  • Hack the Box - Sniper

    HTB Sniper machine walkthrough. From an initial LFI/RFI foothold within the company website, to abusing malicious Windows help files, Sniper presents the story of a disgruntled developer and their middle finger to the Administrator/CEO on their way out. Sniper was...

  • Hack the Box - Forest

    HTB Forest machine walkthrough. Forest started with Windows enumeration using SMB and LDAP queries that lead to leveraging a lingering service account with PRE_AUTH disabled for user access. Once on the machine, we were able to abuse the existing Active...

  • Hack the Box - Postman

    HTB Postman machine walkthrough. Postman was a quick, simple machine from HTB. We start off with a redis exploit for initial foothold, then pivot to user by using JTR to crack a backup SSH key before finally using an authenticated...

  • Hack the Box - Bankrobber

    Starting with a client side XSS exploit to get admin app credentials, then chaining it with a localhost code execution bypass we get a user priviledged shell. A suspicious app running locally as System then presented a ... delicate ......

  • Hack the Box - Zetta

    HTB Zetta machine walkthrough. Starting with an FTP FXP IPv6 leak, to an rsync brute-force for user access to the machine. Once on, chained custom syslog messages with a postgres SQL injection to pivot user access. Finally, a dubious password...

  • Hack the Box - AI

    HTB AI machine walkthrough. Initial portions were more frustrating than complicated, reminiscent of daily struggles dealing with various home assistants. Once foothold was established priviledged escalation to root involved abusing a java debugging process running locally.

  • Hack the Box - Bitlab

    HTB Bitlab machine walkthrough. A fun little box that has us work through gitlab based exploitation. From erroneously stored user credentials, to uploading and merging our own files to the project, to finally exploiting hooks to execute our own code...

  • Hack the Box - Craft

    HTB Craft machine walkthrough. A well designed moderate box from HTB that exemplified bad coding practice, sensitive data disclosures and token abuse into root.

  • Hack the Box - Wall

    HTB Wall machine walkthrough. An easy Linux machine from HTB that focused on RCE WAF bypass to establish an initial foothold then a direct pivot to root using a vulnerable suid binary.

  • Hack the Box - Heist

    HTB Heist machine walkthrough. Credential harvesting and spraying, dumping a running process to capture further credentials and a final credential spray to get Administrator access.

  • Hack the Box - Chainsaw

    HTB Chainsaw machine walkthrough. Anonymous ftp connections, smart contract abuse, InterPlanetary File System and cracked password protected ssh private keys for user pivot. A loosely defined SUID file and PATH hijacking for root shell then finally leveraging root.txt's slack space...

  • Hack the Box - Networked

    HTB Networked machine walkthrough. Generally discussed as the easiest of the active boxes at time of retirement there is nothing particularly complex with getting to root.

  • Hack the Box - Jarvis

    HTB Jarvis machine walkthrough. Jarvis involved a SQL Injection and a web-shell for initial foothold into sudo and filter bypass to User pivot with a final systemctl abuse to pivot into root.

  • Hack the Box - Haystack

    HTB Haystack machine walkthrough. A particularly well designed ELK (Elasticsearch, Logstash, Kibana) based machine offering a chance to dig into the full logging stack.

  • Hack the Box - Safe

    HTB Safe machine walkthrough. A contentious box from HTB requiring a custom developed ROP (return-oriented programming) exploit tied into cracking a KeepPass database.

  • Hack the Box - Ellingson

    HTB Ellingson machine walkthrough. Web enumeration and python console abuse for initial foothold, finding sensitive backup files and hashcat cracking for User pivot, finally into a ROP based overflow exploit for root priviledge escalation.

  • Hack the Box - Writeup

    HTB Writeup machine walkthrough. A relatively easy with an 'out-of-the-box' CMS exploit for User priviledges and an interesting login behavior abuse to pivot to root from there.

quantum-computing (2)
  • IBM Quantum Challenge 2020

    Overview and walkthrough of the IBM 4th anniversary Quantum Challenge excercises and my solutions.

  • Quantum Computing - Hello World

    An introductary look into Quantum Computing including the mechanics, concepts and mathematics involved. The focus will then shift to a practical implementation of these concepts using simulated environments and the qiskit python framework.

org-in-a-box (2)
  • Org-in-a-Box - Kerberos & NFS

    Second post covering my personal project of an "organization in a box". Based on the initial architecture this article goes over partially setting up the first two authentication servers in the project leveraging MIT Kerberos and NFSv4. These hosts will...

  • Org-in-a-Box - Architecture

    Initial post covering my personal project of an "organization in a box". Using fundamental open source Identity and Access Management components of an organization in a self-contained box to explore and expand knowledge of those various components. This article will...