Hello and welcome to my blog.

Take your time to sift through my posts to see if any one picks your interest, I mainly talk about offensive cybersecurity] but you might find bits and pieces of programming, ROM hacking, and capture the flag (CTF) challenges and maybe even more generic topics I find interesting.

If you’re interested in the theme I use for the site you can find it here.

If you want to have a discussion on any topic, feel like exchanging ideas, or want to ask me any questions there are a few ways you can reach me, the comments on this website being one of them, otherwise consult my contacts.

Structure And Hacking Of The Pokèdex In Pokèmon Gold, Silver, Crystal

October 20, 2019

Notes on this topic were buried on my hard drive for years now, and rather than making all the work that led to these notes go to waste I am going to share them in the hope that someone finds them useful, even if by today this is all quite outdated thanks to the disassemblies of Gold and Crystal, so this is more like a documentation kind of post, explaining how the Pokèdex data is stored in these games and how to change it manually without having to re-compile the ROM. ... Read more …

Tags: rom-hacking gameboy pokemon

HackTheBox Writeup: Active

October 10, 2019

This is the box that introduced me to Kerberos attacks so I owe it quite a lot, as this category of techniques is incredibly useful even if unfortunately rarely used in CTF’s, they’re definitely precious lessons for real life engagements. Obtaining user is pretty straight forward if you have already went through a local Windows enumeration checklist a few times, it involves finding a GPP encrypted password from a groups. ... Read more …

Tags: hackthebox ctf writeup

HackTheBox Writeup: Bart

October 9, 2019

Bart was a lot of fun, it did involve a bit of guessing with the two bruteforcing phases, but neither of them were very hard and a bit of rational guessing was enough to solve the first of the two, so it wasn’t a handicap. This was also the box that taught me how important it is to check whether the running environment is 32 or 64 bits for both current process and operating system, a bit more about how the SysWOW64 emulator works, and it’s the first box that let me find credentials inside the WinLogon registry keys for automatic logins that I used to elevate my permissions to Administrator through a PSSession. ... Read more …

Tags: ctf writeup hackthebox

HackTheBox Writeup: Tally

October 8, 2019

This box needs quite a few steps just to get the first flag, but it’s pretty fair seen the Hard rating, and I believe it deserves it in a good way: Tally is a very fun box but it has a couple defects, first is the painfully slow Sharepoint web application, which made content discovery a chore, and then having to sift through a huge amount of useless (for the attacker, of course) files can waste some of your time but in a realistic scenario you are very likely to run into many, many files that the employees have on their computers but are of no use to you. ... Read more …

Tags: ctf hackthebox writeup

HackTheBox Writeup: Conceal

October 8, 2019

Any box that lets me play around with networking configurations is a great learning experience for me, because I never had the opportunity to touch certain topics. Conceal is one of these as it made me learn how IPSec VPNs work, how to enumerate them, and how to configure them from a Linux host to access the machine’s actual ports, which were all looking filtered at first. Once figured out how to enumerate the box the difficult part is already over, all we need for the initial foothold is an ASP webshell to upload on FTP via anonymous access which is loaded from IIS, and from there privilege escalation can be done with RottenPotato and its children exploits (RottenPotatoNG, JuicyPotato…) to execute programs as SYSTEM because our user has the SeImpersonatePrivilege privilege enabled. ... Read more …

Tags: hackthebox ctf writeup

HackTheBox Writeup: Reel

October 2, 2019

This is a damn good box. Period. It starts off with the exploitation of a vulnerability via phishing that lets us execute arbitrary HTA files hidden inside RTF documents, that’s our initial foothold from where things get more complicated, even a little summary of what there is to do would be too long so I’m not going to write one, just take a look at the table of contents for a minimalistic preview. ... Read more …

Tags: hackthebox ctf writeup

comments powered by Disqus