Zero2Auto writeups

Below are a couple of Z2A course write-ups. I did these ages ago but never published anything. These are from 2021; they demonstrate the malware RE process all the way through. Screenshots are probably missing since I wrote this in 2021. Week 3 Dynamic analysis So we get the following…

Finding RWX dll sections python script

Quick blog post, mostly to share a useful script. The Twitter infosec community recently made a lot of noise around a new DLL injection technique dubbed "mockingjay": https://www.bleepingcomputer.com/news/security/new-mockingjay-process-injection-technique-evades-edr-detection/ In my opinion, this is just another one of those Redteam rediscovered techniques that has…

HSTS Security Research

I blurred domain names for "attack victims" in this blog post; however, because of the very nature of how HSTS pre-loading works, most affected websites can be inferred pretty easily. Edit Note: Both attacks discussed below, while annoying, are medium-low impact in my opinion but they are pretty…

Flare-on Challenges

Posting this here. Some of the write-ups are incomplete but I don't really have time to finish this draft. Hope you enjoy the content nevertheless. Chall 1 In script.js: const CORRECT_GUESS = 57; let rightGuessString = WORDS[CORRECT_GUESS]; let flag = rightGuessString + '@flare-on.com'; In words.…

Kringlecon 22 and chatGPT fun

This is my write-up around a couple of Kringlecon22 challenges. I wanted to use chatGPT as much as possible as an experiment for some of these challenges. It's a pretty cool tool to add to your arsenal but it's far from perfect. If you don'…