The year was 1999; what an awesome year!! The Y2K bug made us all rich (or poor)… we all started to see dead people using our Sixth Sense … and primary coloured drugs became all the rage as we followed the white rabbit into The Matrix. On top of all that excitement, a couple of […]
What follows is my brief review of the “Cracking the Perimeter” course and the associated OSCE challenge. You can find my reviews of the OSWP and OSCP challenges at the following locations: “The will, the Wifu, and the paper” – OSWP “A splash of Pain, a dash of Sufference, and bucket load of Humble.” – […]
Background: On the 16th October 2016 I discovered a number of vulnerabilities in Red Lion Controls’ Sixnet SLX Managed Industrial Switches and AutomationDirect’s STRIDE Managed Ethernet Switches. The industrial switches are commonly deployed worldwide in critical infrastructure environments and were identified to Use Hard-coded Cryptographic Keys (CVE-2017-9335 | CWE-321) as well as Incorrect Permissions Assignment […]
At a recent forum, I was asked a very simple question; “Is it really ‘that’ important to secure our IoT devices?” Whilst the answer may seem quite obvious, the real question is why? Why is it ‘that’ important to secure our IoT devices? What could possibly go wrong with insecure deployments? In late September, the […]
After the success of my first boot2root, The Wall, I decided I would create another challenge. Welcome to The Necromancer! There are 11 flags to collect on your way to solving the challenge, and the difficulty level is considered as beginner. The end goal is simple… destroy The Necromancer! I hope everyone enjoys the challenge. […]
It has been a while since I have had a crack at any of the boot2root boxes over at vulnhub, so when I saw the following tweet saying there was a Mr Robot inspired VM released I could not hold back! Like always… let’s see what ports are open. Port 80 and 443; nice. Let’s […]
Background: On the 4th August 2015, I discovered a cross-site scripting vulnerability in Schneider Electric’s PowerLogic 800 power meter, specifically in the embedded webserver on the PM8ECC add-on module. After a lengthy nine (9) month disclosure period, Schneider Electric formally thanked me and released a firmware patch to fix the vulnerability, under security advisory SEVD-2016-132-01. […]
Picture this… you are having a crack at a CTF comp, and you have managed to smash most of the miscellaneous, web, forensic, and trivia challenges. The scoreboard shows that you have had a pretty good run, but then… one by one other teams start to leapfrog you on the ladder! What is going […]
Shearwater Solutions recently hosted a 48-hr Capture the Flag contest for AusCERT2016. Here’s a very quick and dirty write-up of how I solved the “Game of Memory” challenges for the SecTalksBNE team. The description for the challenge was: The 1337 and 100 work for the same company, they sit across from each other on the […]
Recently I was privileged to be a tester for a new CTF created by @dookwit for the Sectalks Brisbane meetups. This write-up will be a little long in the tooth for seasoned CTF folk, however my goal is to write this for a beginner audience in order to share entry level enumeration techniques and general […]
It’s been a while since I have looked at any boot2root challenges, so let’s have a crack at SickOs: 1.2 by @D4rk36 “This is second in following series from SickOs and is independent of the prior releases, scope of challenge is to gain highest privileges on the system.” Bit of a side note before we […]
Time to catch up with the Sectalks CTFs. First up, Minotaur (Sectalks BNE0x00) “== Minotaur CTF == Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don’t have physical access to this machine. Therefore, tricks like editing the VM’s BIOS or […]