DerbyCon 9 – TrustedSec Challenge Coin Solution

TrustedSec DerbyCon 9 Challenge Coin Front

This last weekend was the final DerbyCon. We’ll #TrevorForget. It was also an event filled with several quick and fun CTFs… and since I’ve been deficient in posting things lately, I figured I’d catch up by showing how to solve a whole pile of them. First up: the TrustedSec Challenge Coin! Attendees could get one of these by just showing up and asking for one, and there was a prize pack being awarded to anyone who could solve it. I was the fifth to do so, and figured others might want to know how to get to the final message.

Continue reading “DerbyCon 9 – TrustedSec Challenge Coin Solution” →

September 14, 2019 0

Analyzing Multiple APKs At Once

This falls into that series of things where I had to make something work when there wasn’t a pre-built package, so I’m documenting it here in case (1) I ever need to do this again, or (2) someone else can benefit from it. Let’s say you’re looking into a device that runs on Android, and it has a bunch of APKs that you have no clue what to do with… why not use some common tools to quickly process all of those files?

Continue reading “Analyzing Multiple APKs At Once” →

June 10, 2019 1

Quick Hit: Base64 PowerShell Exfiltration

Okay, so you’ve landed in a constrained language PowerShell on a remote box, and the local application security policy is stopping you from using all the regular stuff (e.g. netcat, opening network connections, etc)… but you need to exfil a medium amount of binary data. How would you do that?

The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂

Continue reading “Quick Hit: Base64 PowerShell Exfiltration” →

March 14, 2019 0

Quick-Hit: Am I Inside A Docker Container?

If you don’t know, here’s an easy way to find out…

cat /proc/self/cgroup

If you see “/docker/{hash}” following one of the outputs then yes, yes you are. A non-Docker system looks like the following:

Continue reading “Quick-Hit: Am I Inside A Docker Container?” →

February 12, 2019 0

Quick-Hit: Editing Submissions in BurpSuite

Let’s say you’re running some tests on a service and want to use some characters that aren’t standard in your systems’ character set. How do you do that?

Continue reading “Quick-Hit: Editing Submissions in BurpSuite” →

February 8, 2019 0

Proxmark3 RDV 4

So… I got a Proxmark3 RDV 4 for Christmas. It’s great. It’s tiny, svelte, and… had a bunch of errors right out of the box. Naturally that means it’s time to reflash it, but as it turns out the default wiki instructions for Kali Linux aren’t quite right for the RDV 4 now. Let’s fix that, shall we?

Continue reading “Proxmark3 RDV 4” →

December 26, 2018 1

The OSI Model – Pro Edition

I had some requests to provide my take on the OSI model separately from the presentation I made at PwnSchool, so here you go… the most comprehensive, authoritative version of the OSI model ever presented.

Continue reading “The OSI Model – Pro Edition” →

October 22, 2018 0

Wireless Hacking

This is just a quick post to provide the presentation I gave tonight at PwnSchool. If you’d like to review it you can download it here. Thanks!

Topics covered:

Introduction to Radio Frequency
Wireless Hacking (WEP and WPA2)
RFID Hacking (HID Prox and MIFARE)
Bluetooth Hacking (Bluelog/bluesnarfer/Wireshark/etc)

October 17, 2018 0

The Four Three Rule of Team PenTesting

Two posts in one night, because I’m catching up on some backlog items. I’ve been teaching/training a team on PenTesting lately, and it’s caused me to think through some personal truths and approaches that I’ve taken for several years. While going through that process I came to realize that I’d never really formally codified them; this is my attempt to do just that. It all comes down to what I’m now going to call the “Four Three Rule of Team PenTesting”.

Continue reading “The Four Three Rule of Team PenTesting” →

October 3, 2018 0

RFID Fundamentals

I realized I didn’t have any good notes on Radio Frequency Identification (RFID) tags/badges/etc, so I figured it was time to compile that and update it while I’m at it. This post is just a quick run-down of the frequencies, types, and common cards/IDs. If you don’t know what an RFID is, for the purposes of most pentesting it’s a security badge or a key fob, like you can see in the image at the top of this posting.

Continue reading “RFID Fundamentals” →

October 2, 2018 0