-
Here phishy phishy phishy…
As a red teamer, I will often phish my targets. Most of the time I’ll do this to gain an initial foothold in to the target environment, however sometimes I may also phish victims as part of my escalation methodology. To be honest, sometimes I may also phish the targets just to feed my own […]
-
(CVE-2017-14020) Automation Direct Multiple Software Vulnerabilities
Background: In late July 2017, I discovered vulnerabilities in a number of AutomationDirect’s industrial control products, particularly around the programming and interaction software. These vulnerabilities can be exploited by placing a crafted DLL file in the software search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
-
(CVE-2017-14029) VTScada HMI and SCADA Software Vulnerability
Background: On the 05th August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
-
(CVE-2017-13993) i-SENS Inc. SmartLog Diabetes Management Software Vulnerability
Background: On the 03rd August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in i-SENS Inc. SmartLog Diabetes Management Software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and execute arbitrary […]
-
Hunting eggs and 0-days…
What follows is my brief review of the “Cracking the Perimeter” course and the associated OSCE challenge. You can find my reviews of the OSWP and OSCP challenges at the following locations: “The will, the Wifu, and the paper” – OSWP “A splash of Pain, a dash of Sufference, and bucket load of Humble.” – […]
-
Whois Mr Robot
It has been a while since I have had a crack at any of the boot2root boxes over at vulnhub, so when I saw the following tweet saying there was a Mr Robot inspired VM released I could not hold back! Like always… let’s see what ports are open. Port 80 and 443; nice. Let’s […]
-
Game of Memory – Auscert2016 CTF
Shearwater Solutions recently hosted a 48-hr Capture the Flag contest for AusCERT2016. Here’s a very quick and dirty write-up of how I solved the “Game of Memory” challenges for the SecTalksBNE team. The description for the challenge was: The 1337 and 100 work for the same company, they sit across from each other on the […]
-
dookcorp!… BNE0x09 CTF
Recently I was privileged to be a tester for a new CTF created by @dookwit for the Sectalks Brisbane meetups. This write-up will be a little long in the tooth for seasoned CTF folk, however my goal is to write this for a beginner audience in order to share entry level enumeration techniques and general […]
-
Fully Sick(Os) 1.2 mate
It’s been a while since I have looked at any boot2root challenges, so let’s have a crack at SickOs: 1.2 by @D4rk36 “This is second in following series from SickOs and is independent of the prior releases, scope of challenge is to gain highest privileges on the system.” Bit of a side note before we […]
-
Mess with the Bull, Get the Horn
Time to catch up with the Sectalks CTF’s. First up, Minotaur (Sectalks BNE0x00) “== Minotaur CTF == Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don’t have physical access to this machine. Therefore, tricks like editing the VM’s BIOS or […]
-
Set the Controls for the Heart of the Sun
Recently I created my first boot2root challenge, The Wall for the Vulnhub community. I hope everyone enjoys the challenge, and here’s my writeup of the intended path to root. “In 1965, one of the most influential bands of our times was formed.. Pink Floyd. This boot2root box has been created to celebrate 50 years of […]
-
Grabbing loot from vmdk’s
An acquaintance recently dropped me a line asking for some help with a gig she was working on. After sharing the background about the work she had performed so far, she said something which made me promptly sit up and listen… “I have access to backups… Can we do anything with vmdk’s?”. Needless to say, […]