DerbyCon 9 – TrustedSec Challenge Coin Solution

This last weekend was the final DerbyCon.  We’ll #TrevorForget.  It was also an event filled with several quick and fun CTFs… and since I’ve been deficient in posting things lately, I figured I’d catch up by showing how to solve a whole pile of them.  First up: the TrustedSec Challenge Coin!  Attendees could get one of these by just showing up and asking for one, and there was a prize pack being awarded to anyone who could solve it.  I was the fifth to do so, and figured others might want to know how to get to the final message.

Analyzing Multiple APKs At Once

This falls into that series of things where I had to make something work when there wasn’t a pre-built package, so I’m documenting it here in case (1) I ever need to do this again, or (2) someone else can benefit from it.  Let’s say you’re looking into a device that runs on Android, and it has a bunch of APKs that you have no clue what to do with… why not use some common tools to quickly process all of those files?

Fixing Firmware File Systems

Here’s the scenario: you’ve downloaded the firmware for a device that you want to explore in more depth and extracted the update images. You dig through them, see that they’re EXT4 file systems, and say “jackpot!” while rubbing your hands together in glee. “A quick mount and I can browse to my heart’s content,” you say to yourself… and then you see “wrong fs type, bad option, bad superblock on {DEVICE}, missing codepage or helper program, or other error.” Let’s get past that. 🙂

Quick Hit: Base64 PowerShell Exfiltration

Okay, so you’ve landed in a constrained-language-mode PowerShell session on a remote box, and the local application security policy is stopping you from using all the regular tools (e.g. netcat, opening network connections, etc.)… but you need to exfil a medium amount of binary data. How would you do that?

The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂

Quick Hits: Screen

Ever been frustrated by a session that was running remotely when your SSH/nc/1337shell.phpaspxcf connection dropped? All that work wiped out in the blink of an eye, because when the connection died your shell died with it, and the OS was nice enough to clean it all up.

Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.
