Code, Hack, Tech
LayerOne is an information security conference in LA which hosts one of the more enjoyable CTFs that I participate in. This is the first in a series of a few post I am writing which goes over the solution of some of the CTF challenges. The Challenges This first write-up…
Leave a CommentSocial engineering, in particular through the medium of email, is very likely the greatest threat to an average organization. While 0-days do come around and pose real threats to organizations and many of them do not implement strong patch management programs, phishing is simply easier and more effective for the…
1 CommentTheHarvester I’m going to present this tool in two ways to show simultaneously how cool this utility is and the slightly less impressive way it is actually done: What appears to happen: Type in a username, receive a list of sites that user exists as a member. Type in a…
Leave a CommentIntroducing Battalion Over the past 2.5 months a friend – @eidolonpg – and I have been working on a tool which was spawned from the previous articles written here. If you’ve read the past few posts have been about ‘Reconnaissance’ and, lately, chaining various recon tools together you’ll understand how this…
Leave a CommentThis is a quick write-up on the amazing HaveIBeenPwned Database maintained by Troy Hunt. https://haveibeenpwned.com. If you haven’t seen it, check it out! I recently discovered there isa public API to query the breach databases and decided I wanted to notify employees at my company if their account was involved…
Leave a CommentGobuster TheColonial wrote a really cool tool called Gobuster which is similar to fierce but programmed in Go. I wanted to include it here because I tend to have better performance using this tool than fierce, by a LOT. Gobuster can be found on github here. There are a few issues to…
Leave a CommentFierce Fierce is a DNS brute-force scanner which comes bundled with the Kali Linux distro. Since we’re not using Kali let’s get and configure fierce from the github project’s page: https://github.com/davidpepper/fierce-domain-scanner First, let’s create a ‘Recon’ folder where we will put our tools. Now that we’ve created our recon folder, let’s…
Leave a CommentThis series is about setting up a recon machine in the cloud, using some basic tools, and diving in to the recon process! As I move my career in to the security space I want to document my process. Part of this involves testing various utilities and trying my hand at…
Leave a CommentImageMagick is a server-side image processing engine which is very widely used. Some functions include compressing/resizing submitted images (profile pictures, for instance) to standardize files in the server’s database. Some of the popular image processing plugins in php, ruby’s rmagick, and others use ImageMagick’s platform. Before going further, here’s a…
Leave a CommentMy first CTF challenge was Ernst Echidna which is a simple web page (here) which had a register page. After inspecting the requests when interacting on the site and by checking the robots.txt file, we were able to determine that there is a /admin page which you attempt to arrive at but are…
Leave a Comment