Recent Posts:

Sunshine CTF 2019 Write-up

At the end of March this year, Hack@UCF released a CTF in collaboration with BSides Orlando 2019. Our team ended up coming 13th, narrowly missing out on a top 10 spot. You can find the homepage for this CTF here. [Read More...]

StegOnline: A New Steganography Tool

You can try the tool yourself here, or view the project on GitHub. [Read More...]

Secnotes Write-up (HTB)

TL;DR: SQLi & WSL Escape | I did this box a few months ago, so the commentary on it may be a little rusty. It’s clear that it was popular, since it wasn’t voted out for so long. The main attack vectors in this were SQL Injection through the login field, and then escaping through cleartext passwords in the Windows Subsystem for Linux. [Read More...]

Waldo Write-up (HTB)

As opposed to the more generic two-stage boxes, Waldo was unique in that there were three challenges to overcome, and each had completely different methods needed to do so. Whilst the third stage was a little tedious and hard to explain, I learnt about some small Linux functions that I never knew existed before. [Read More...]

Bounty Write-up (HTB)

TL;DR: .config webshell & Metasploit Privesc. | In this box, I wasted a lot of time trying to get an initial foothold, since it’s rare to have to perform so many different dirb scans in order to find anything useful. However, once I worked out what I had to do, the box was both fun and interesting. Since I don’t know much about Microsoft Server security, Windows boxes are always a challenge to complete. [Read More...]

Union SQLi Challenges (Zixem Write-up)

I’ve always avoided learning more about SQL Injections, since they’ve always seemed like quite a daunting part of Infosec. Because of this, I finally decided to put in some time to an SQLi-focused wargame in order to sharpen my skills a little. You can find the challenges at the website below: [Read More...]

DevOops Write-up (HTB)

TL;DR: XXE & Git Reverts. | While DevOops is known to be fairly easy, it was still good practice and fun to do. While I have seen both the same user and root methods in other CTFs before, they were both presented well, and overall the box was very well-structured. [Read More...]

CSAW’18 RED | Clicker Challenges

This is a write-up for three of the challenges in the CSAW 2018 Red Team Qualifiers. I participated in this with my team, even though we aren’t eligible for the prizes. The competition lasted the from September 21st to September 30th. [Read More...]

Reply Cyber Security Challenge Sandbox Write-ups

The following solutions were part of the practice challenges for Reply Cyber Security Challenge. These were released on 18/09/2018, with the main event starting on 05/10/2018. I will eventually also release a write-up for the actual event. [Read More...]

Last updated at: 2020-01-25 07:15:02.737197  |   Visitor #3111.