Protected: HTB USB Ripper
There is no excerpt because this is a protected post.
Jinja2 SSTI WAF Bypass
I recently sumbled onto a CTF chall that required SSTI and bypass the "WAF". The app.py looked like this: from werkzeug.urls import url_fix from secrets import token_urlsafe from flask import Flask, request, render_template, redirect, url_for app = Flask(__name__) @app.route("/") def index(): return render_template("index.html", error=request.args.get("error")) @app.route("/new", methods=["POST"]) def create(): content = request.form.get("content", "") if "_" in... » read more
PicoCTF It is my Birthday
It is my Birthday (100 points) SOLVED xNULL I sent out 2 invitations to all of my friends for my birthday! I'll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn't believe how long it took me to... » read more
Pwntools offset to format string vuln
With this code you are able to efficiently calculate the offset to an string format vulnerability.
Windows fileserver migration
This is the commant to rule them all: I usually map the old fileserver shares to Z:\ and use E:\ on the new server . Make sure you got src and dst correct! Otherwise you will lose a lot of data. The following command compares all files from the source to the files of the... » read more
CompTIA Sec+ SY0-601
Exam Objectives Notes Lesson 1 CIA or AIC: Confidentially, Integrity, Availibility Information security tasks can be classified as followingThe five functions Identify: Develop security policies and capabilities. Evaluate risks, threats, vulnerabilities and recomment security controls to mitigate them Protect: Procure/develop, install, operate and decommission IT hardware and software assets with security as an embedded requirement... » read more
Darling: Redundancy
To add a more redundancy to my project and finally getting experience with docker and Kubernetes, I decided to deploy Darling in a Kubernetes cluster. It was a quite challenging task but totally worth the time. I learned to build my own Docker image from scratch and upload it to a private repository. Then I... » read more
Darling: Continuously monitoring threats
Status: WIP Conclusion & Implementation Let's start with our first Module "Continuously monitoring threats". I want to figure out what it means to monitor threats and what frameworks are available to me in order to do so. After my initial research we now know that there are terms such as threat intelligence which are used... » read more
The Darling project
If you found this, you probably are wondering what "The Darling project" is. To provide some context: I built a webapp called darling, to give me recipes of my favorite menus in case I get asked what I want to eat. Rarely I know what I want to eat because I am pretty low maintenance... » read more
Slithery CSAW CTF Quals 2020
This is an easy pwn challenge from the CSAW 2020 quals called Slithery. Setting up a new coding environment for my data science students. Some of them are l33t h4ck3rs that got RCE and crashed my machine a few times :(. Can you help test this before I use it for my class? Two sandboxes... » read more