DerbyCon 9 – DomainTools CTF – Reversing

Part three of the DerbyCon DomainTools CTF write-ups.  You can find coverage of all the Crypto challenges here and coverage of all the Forensics challenges here.  This finishes up the solutions for every challenge in the CTF, broken up by the same section names that they used.  When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description.  Let’s get started!

Continue reading “DerbyCon 9 – DomainTools CTF – Reversing”

DerbyCon 9 – DomainTools CTF – Forensics

Part two of the DerbyCon DomainTools CTF write-ups.  You can find yesterday’s coverage of all the Crypto challenges here.  I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used.  When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description.  Today: the forensics challenges!

Continue reading “DerbyCon 9 – DomainTools CTF – Forensics”

Fixing Firmware File Systems

Here’s the scenario: you’ve downloaded the firmware for a device that you want to explore in more depth, and extracted out the updates.  You dig through them and see that they’re EXT4 systems, and say “jackpot!” while rubbing your hands together in glee.  “A quick mount and I can browse to my heart’s content” you say to yourself… and then you see “wrong fs type, bad option, bad superblock on {DEVICE}, missing codepage or helper program, or other error.”  Let’s get past that. 🙂

Continue reading “Fixing Firmware File Systems”

Quick Hits: Screen

Ever been frustrated by a session that was running remotely when your SSH/nc/1337shell.phpaspxcf dropped, and all that work was wiped out in the blink of an eye because when that died your shell did too, and the OS was nice enough to clean it all up?

Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.
Continue reading “Quick Hits: Screen”

Multi-OS Boot Build

One of the most frustrating things to do is shuffle various USB drives trying to remember which one you were using last (for persistent OS boots), or which one has the working version of “X” operating system/which installer.  This article covers how to take an external USB drive (whether a large thumb drive or an actual external hard drive) and turn it into a whizbang multi-OS booting device.

Continue reading “Multi-OS Boot Build”

PenTest Aliases and Setup

I like to setup a few things when I’m building an image for a pentest.  They’re helpers that keep me honest, because without them I’d likely forget something or miss some detail, and by establishing consistent patterns I reduce that risk.  To start with, I make a consistent directory structure.  For the sake of this article, let’s call it:

/engagement

Next up, I generate some subfolders which are critical to my process:
Continue reading “PenTest Aliases and Setup”

Powered by WordPress.com.

Up ↑