-
Craft.HTB
Walk-Thru for Craft.HTB: This is a detailed walk-thru for craft.htb written by dR1PPy. Overall the host has been graded with a fair rating. The path to user is not simple, but there are not a lot of rabbit holes to find yourself trapped in. The path to root was fairly easy if you can […]
-
SwagShop.HTB
Walkthru for SwagShop: This is a detailed walk-thru for SwagShop written by dR1PPy. Challenges like the one posed by SwagShop are some of my favorites: the ones that require a good combination of skills with toolsets along with skills with chaining exploits. Overall a fun box to beat up on; much thanks to ch4p for […]
-
Death by Heartbleed
With all the news of the Heartbleed SSL flaw in the media this week, IT staff have been working to lock things down on servers & services. Here are 3 simple ways to identify if a domain is vulnerable to Heartbleed. Method 1: From any host running the Chrome web browser, search for and install the […]
-
The Logic behind Password Hashing
This is a mirror of a post originally found here: http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#31846 The Theory: We need to hash passwords as a second line of defence. A server which can authenticate users necessarily contains, somewhere in its entrails, some data which can be used to validate a password. A very simple system would just store the passwords themselves, and […]
-
Trolling the Red Team (Part 1)
Hey look, it's a Red Team! Here they come with a few hours of work & a report that will hopefully provide more valuable information than “Here is what Nessus Found”. A simple way to test any Red Team’s worth is with a good trolling and disinformation effort once the engagement is underway. Good testers […]
-
Making BitCoin with Bots
In this article we will cover how to quickly set up a trading bot for crypto-currencies. As the difficulty for BTC continues to rise, the profit in mining coins continues to drop. A good method to make up those losses is with a trading bot which will work to increase your profit margin by making the […]
-
Blind Zerg Rush for Security
While reviewing some old publications I came across this great article that was written just weeks after the 9/11 tragedy in NY. Based on recent events disclosed around the PRISM program and US Government actions against privacy in general, the article seems to be very scary with its foreshadowing. Here is an excerpt taken from […]
-
From $40k to Free – The Carberp source leak
Very interesting source code leak today for the Carberp malware family. This black market malware, once offered for $40k, will surely be of interest to anyone who conducts malware & botnet analysis. The leak included a few other tools that helped make it so successful, like the bootloader, MC obfuscate, along with various functions […]
-
How to UN-n00B: Nitko
Sometimes it's really fun to watch people stumble about. Watching the drunk bloke leave the local pub after way too many. Seeing as he stumbles about in his drunken dance trying to stay on his feet. Just before he hits the curb, loses his footing and tumbles on his back into the middle of the […]