web3

Honest Attempts to Secure an Ecosystem

I have used my off-time from audits in the past months to write more about security. Especially in a nascent ecosystem like Ethereum still is, the most considerable impact can be delivered by educating people. Education has to happen in different modes of complexity, depending on the target audience: Developers must be educated on how… Continue reading Honest Attempts to Secure an Ecosystem

ctf/hackathon

HackTheBox Registry Write-up

Registry is a box rated at hard difficulty. There are quite a few steps involved, but with a bit of persistence and little experience with Docker internals (hint hint), it looks more daunting than it actually is. Let's go through the process of breaking in step by step! Out initial nmap scan is as unexciting… Continue reading HackTheBox Registry Write-up

ctf/hackathon

HackTheBox Fuzzy Write-up

Fuzzy is a fun and short challenge on a docker container. It is especially good for teaching beginners the basics of using a fuzzer to discover new endpoints on a webserver. Spawning the container and probing around a bit, we don't have too much success. Using dirbuster and a standard wordlist, we find the endpoint… Continue reading HackTheBox Fuzzy Write-up

web3

Construct Truffle Artifact Source Lists

Photo by Andrea Piacquadio from Pexels This is a quick and dirty workaround for an issue that has been bugging me a lot. Truffle is one of the central, if not the most central development tool for building smart contracts on Ethereum to date. When compiling a Truffle project, the output is stored in build/contracts by default. An… Continue reading Construct Truffle Artifact Source Lists

ctf/hackathon

HackTheBox Postman Write-up

Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is few resistance on the inside. Let's start out by scanning the machine: # nmap -sS… Continue reading HackTheBox Postman Write-up

web3

The Web3 API has come to Python!

Last week I received an email in my inbox about a hackathon hosted by the awesome folks over at Amberdata. They are a provider for on-chain data and cover a large variety of blockchains - including Ethereum, Bitcoin, and Stellar. I have met the developers in the team in late 2018 when I was looking… Continue reading The Web3 API has come to Python!

ctf/hackathon

The 36C3 Telnet Challenge (a.k.a. Cat CTF)

This is a write-up from the 36th Chaos Communication Congress, 2019. It has been my fourth Congress. Timed shortly after Christmas, it feels like meeting a second kind of family after the holidays. Hackers from all over the world gather in Leipzig to celebrate the weirdness of our community, break technology, learn new things, and… Continue reading The 36C3 Telnet Challenge (a.k.a. Cat CTF)

cryptography, ctf/hackathon

HackTheBox Obscurity Write-up

Obscurity is a medium-difficulty box. It was super fun to solve because it involved great excuses for me to write some neat little helper scripts and find a vulnerability in Python code. Something you don't do too often in these challenges. Let's dive right in with a nmap scan: $ nmap -sS -sC -oN obscurity.nmap… Continue reading HackTheBox Obscurity Write-up