Code, Hack, Tech
This series is about setting up a recon machine in the cloud, using some basic tools, and diving in to the recon process! As I move my career in to the security space I want to document my process. Part of this involves testing various utilities and trying my hand at…
Leave a CommentImageMagick is a server-side image processing engine which is very widely used. Some functions include compressing/resizing submitted images (profile pictures, for instance) to standardize files in the server’s database. Some of the popular image processing plugins in php, ruby’s rmagick, and others use ImageMagick’s platform. Before going further, here’s a…
Leave a CommentFirst write-up from: Google CTF 2016 Competition link can be found here: https://spotted-quoll.ctfcompetition.com/ After turning on dev tools in Chrome I began to look around the simple site. The major thing which stuck out was that by clicking on the ‘Admin’ link I would land on the following page: https://spotted-quoll.ctfcompetition.com/#err=user_not_found …
Leave a CommentWhat is it? DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a recently discovered (March 2016) vulnerability in SSL/TLS which can allow attackers to break the security SSL and TLS are supposed to provide and acquire the newly decrypted data. The flaw exploits servers which still support encryption services…
Leave a Comment