I recently had cause to make some training on how to get and perform some basic operations using BurpSuite, so I thought I’d share here. As always, feel free to use as you’d like. 🙂
Intro to BurpSuite
DerbyCon 9 – DomainTools CTF – Reversing
Part three of the DerbyCon DomainTools CTF write-ups. You can find coverage of all the Crypto challenges here and coverage of all the Forensics challenges here. This finishes up the solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. Let’s get started!
DerbyCon 9 – DomainTools CTF – Forensics
Part two of the DerbyCon DomainTools CTF write-ups. You can find yesterday’s coverage of all the Crypto challenges here. I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. Today: the forensics challenges!
DerbyCon 9 – DomainTools CTF – Crypto
Continuing with write-ups for events from DerbyCon is the DomainTools CTF. I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. First up: the crypto challenges!
DerbyCon 9 – TrustedSec Challenge Coin Solution
This last weekend was the final DerbyCon. We’ll #TrevorForget. It was also an event filled with several quick and fun CTFs… and since I’ve been deficient in posting things lately, I figured I’d catch up by showing how to solve a whole pile of them. First up: the TrustedSec Challenge Coin! Attendees could get one of these by just showing up and asking for one, and there was a prize pack being awarded to anyone who could solve it. I was the fifth to do so, and figured others might want to know how to get to the final message.
Continue reading “DerbyCon 9 – TrustedSec Challenge Coin Solution”
Fixing Firmware File Systems
Here’s the scenario: you’ve downloaded the firmware for a device that you want to explore in more depth, and extracted out the updates. You dig through them and see that they’re EXT4 systems, and say “jackpot!” while rubbing your hands together in glee. “A quick mount and I can browse to my heart’s content” you say to yourself… and then you see “wrong fs type, bad option, bad superblock on {DEVICE}, missing codepage or helper program, or other error.” Let’s get past that. 🙂
Quick Hit: Base64 PowerShell Exfiltration
Okay, so you’ve landed in a constrained language PowerShell on a remote box, and the local application security policy is stopping you from using all the regular stuff (e.g. netcat, opening network connections, etc)… but you need to exfil a medium amount of binary data. How would you do that?
The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂
Continue reading “Quick Hit: Base64 PowerShell Exfiltration”
Quick-Hit: Editing Submissions in BurpSuite
Let’s say you’re running some tests on a service and want to use some characters that aren’t standard in your systems’ character set. How do you do that?
Continue reading “Quick-Hit: Editing Submissions in BurpSuite”
Gpg4win/Kleopatra for Windows
So you need a quick way to generate your own pgp keys and want to do it on a Windows box? Browse over to this page and download the latest version of Gpg4win.
Installation is pretty straight forward.
How to install Wget on Windows
Sometimes you just want to download a bunch of files without having to grab your linux box. Luckily, you can easily install WGet on windows and download content from web servers to your heart’s content.
