Hello and welcome to my blog.

Take your time to sift through my posts to see if any one picks your interest, I mainly talk about offensive cybersecurity] but you might find bits and pieces of programming, ROM hacking, and capture the flag (CTF) challenges and maybe even more generic topics I find interesting.

If you’re interested in the theme I use for the site you can find it here.

If you want to have a discussion on any topic, feel like exchanging ideas, or want to ask me any questions there are a few ways you can reach me, the comments on this website being one of them, otherwise consult my contacts.

HackTheBox Writeup: Access

September 16, 2019

Despite this box being rather easy it can teach a couple important lessons to people new to Windows CTF’s / hacking: how to open .mdb and .pst files, which can contain very interesting info, and how to look for stored credentials to then use them with the runas utility to execute commands as other users, which is exactly how users are supposed to escalate their privileges to Administrator in this box, after logging in via Telnet thanks to the credentials found in an email contained in a . ... Read more …

Tags: hackthebox ctf writeup

VulnHub Walkthrough: Dawn

September 11, 2019

This is a walkthrough (or writuep, whatever term you prefer) of the very first VulnHub box I have rooted: Dawn. You can download it yourself here. It’s a box for beginners focused entirely on misconfigurations, the thing I like the most about it are the multiple paths you have to reach the one and only flag, there are apparently five, and I have missed one plus a horizontal privilege escalation path. ... Read more …

Linux Buffer Overflow Practice: Sh3llcod3v2

September 8, 2019

One day a friend sent me a Linux buffer overflow exercise he was asked to solve, so I happily gave him a hand and dag a bit deeper than needed with the “reverse engineering” (which was just taking a look at how C functions would olook like in ASM) just for fun and to become more familiar with x86 ASM, so what came out of it was this bunch of notes on a very simple binary, how it works, and how I exploited it. ... Read more …

Tags: writeup binary-exploitation

HackTheBox Writeup: Bastion

September 7, 2019

Bastion proved to be a very easy yet pretty fun challenge, quite unique in its kind even if it doesn’t present any particular difficulties, all one needs to complete this box is a search engine to learn how to accomplish certain tasks, all of which only take a couple minutes to solve, hence why so many people finished this box despite it not being one of those two clicks to root kind of boxes (I’m looking at you, Blue, Jerry, Lame, etc…). ... Read more …

Tags: hackthebox writeup ctf

HackTheBox Writeup: Bounty

August 31, 2019

Bounty requires to gain initial foothold with an interesting method I had never seen before, taking advantage of one of ASP.NET’s own features to gain RCE. After that, getting root is very straightforward and multiple local exploits can be used to escalate privileges. It still stands as an interesting Windows box, one of those ideal ones for getting started in the world of Windows hacking. Enumeration The only result we get from a basic nmap scan is an IIS 7. ... Read more …

HackTheBox Writeup: Dropzone

August 31, 2019

As one of my very first difficult boxes on the website Dropzone was relatively easy, more like a medium difficulty box. The difficult part of this challenge is its very little attack surface, which can only be exploited with a technique not many may know about because is no longer useful in modern systems. Once figured out what to do, the whole exploitation phase is trivial. Despite this, Dropzone still taught me a lot because the research that led me to the right solution was very informative and it answered a few questions I always had, in fact I’m going to write a full post on the subject. ... Read more …
comments powered by Disqus