ctf/hackathon

HackTheBox Traverxec Write-up

Traverxec is an interesting box, mainly because the HackTheBox team rated it as easy while the community disagreed and voted it to medium difficulty. It involved a funky privilege escalation that I had not seen before. Let's see how it's done! Our first nmap scan does not return exciting results: $ nmap -sS -sC -oN… Continue reading HackTheBox Traverxec Write-up

ctf/hackathon

The DEFCON 27 Packet Hacking Village Honeypot Challenge

This year marks the first time I got to attend DEFCON Las Vegas — one of the largest hacker conferences in the world. There are a plethora of things to discover and try out. The talks can be streamed later, but the workshops and spontaneous gatherings? A challenge that caught my eye was the honeypot challenge in… Continue reading The DEFCON 27 Packet Hacking Village Honeypot Challenge

ctf/hackathon

HackTheBox fs0sciety Write-up

fs0ciety is yet another low-hanging fruit among the HackTheBox challenges. It's great for beginners who want to test their process for cracking password-protected zip files and recognition of various encodings. For that, we will use fcrackzip - simply for the reason that it has been around for ages and ships with Kali by default. I… Continue reading HackTheBox fs0sciety Write-up

cryptography

Explain like I’m five: Cryptographic Hashing

tl;dr Just check out the image and read the details below it if you want to know even more. 🙂 A few days back I read an article by Yunyun Chen explaining Hashing in an infographic. I enjoyed it and read some comments, which pointed out a couple of weak spots that result from common misconceptions… Continue reading Explain like I’m five: Cryptographic Hashing

ctf/hackathon

HackTheBox 0ld_is_g0ld Write-up

0ld_is_g0ld is a HackTheBox challenge and a great way for beginners to familiarize themselves with PDF password cracking. If you have used Hashcat before, it's an easy win. Verifying we indeed are targeting the correct file format:

    $ file 0ld\ is\ g0ld.pdf
    0ld is g0ld.pdf: PDF document, version 1.6

We can extract the hash using… Continue reading HackTheBox 0ld_is_g0ld Write-up

software engineering

The Thing about Mutable Default Arguments in Python

Yesterday I stumbled across some code like this…

    def search_children(statespace, node, start_index=0, depth=0, results=[]):
        if depth < MAX_SEARCH_DEPTH:
            n_states = len(node.states)
            if n_states > start_index:
                for j in range(start_index, n_states):
                    if node.states[j].get_current_instruction()['opcode'] == 'SSTORE':
                        results.append(node.states[j].get_current_instruction()['address'])
        ...

The semantics of the code don’t really matter here. Still spot the bug? It’s a very common Python gotcha… Continue reading The Thing about Mutable Default Arguments in Python

software engineering

Low-level Debugging of Stubborn Docker Containers

A few weeks back I started contributing to the awesome Mythril project. Mythril is a security scanner for smart contracts that allows everyone to look for vulnerabilities on- and off-chain by being able to analyze raw smart contract code, as well as the actual Solidity code file. To make setting it up easier,… Continue reading Low-level Debugging of Stubborn Docker Containers