As a red teamer, I will often phish my targets. Most of the time I’ll do this to gain an initial foothold into the target environment, however sometimes I may also phish victims as part of my escalation methodology. To be honest, sometimes I may also phish the targets just to feed my own […]
Background: In late July 2017, I discovered vulnerabilities in a number of AutomationDirect’s industrial control products, particularly around the programming and interaction software. These vulnerabilities can be exploited by placing a crafted DLL file in the software search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
Background: On the 5th August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
Background: On the 3rd August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in i-SENS Inc. SmartLog Diabetes Management Software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and execute arbitrary […]
What follows is my brief review of the “Cracking the Perimeter” course and the associated OSCE challenge. You can find my reviews of the OSWP and OSCP challenges at the following locations: “The will, the Wifu, and the paper” – OSWP “A splash of Pain, a dash of Sufference, and bucket load of Humble.” – […]
It has been a while since I have had a crack at any of the boot2root boxes over at vulnhub, so when I saw the following tweet saying there was a Mr Robot inspired VM released I could not hold back! Like always… let’s see what ports are open. Port 80 and 443; nice. Let’s […]
Shearwater Solutions recently hosted a 48-hr Capture the Flag contest for AusCERT2016. Here’s a very quick and dirty write-up of how I solved the “Game of Memory” challenges for the SecTalksBNE team. The description for the challenge was: The 1337 and 100 work for the same company, they sit across from each other on the […]
Recently I was privileged to be a tester for a new CTF created by @dookwit for the Sectalks Brisbane meetups. This write-up will be a little long in the tooth for seasoned CTF folk, however my goal is to write this for a beginner audience in order to share entry level enumeration techniques and general […]
It’s been a while since I have looked at any boot2root challenges, so let’s have a crack at SickOs: 1.2 by @D4rk36 “This is second in following series from SickOs and is independent of the prior releases, scope of challenge is to gain highest privileges on the system.” Bit of a side note before we […]
Time to catch up with the Sectalks CTFs. First up, Minotaur (Sectalks BNE0x00) “== Minotaur CTF == Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don’t have physical access to this machine. Therefore, tricks like editing the VM’s BIOS or […]
Recently I created my first boot2root challenge, The Wall for the Vulnhub community. I hope everyone enjoys the challenge, and here’s my writeup of the intended path to root. “In 1965, one of the most influential bands of our times was formed.. Pink Floyd. This boot2root box has been created to celebrate 50 years of […]
An acquaintance recently dropped me a line asking for some help with a gig she was working on. After sharing the background about the work she had performed so far, she said something which made me promptly sit up and listen… “I have access to backups… Can we do anything with vmdk’s?”. Needless to say, […]