This brief post analyzes some aggregate information about the state of penetration testing in 2018. It will aggregate the results of several reports on pentesting, compare and contrast them, and derive some new information with the goal of improving pentesting performance. The ultimate goal is to inform and improve my own pentesting.
This post discusses BrickerBot, a malware that operated from the end of 2016 to the end of 2017. The claimed author uploaded obfuscated code in December of 2017. There have been discussions about this project, but there does not appear to have been any work on deobfuscating and analyzing the code itself.
The obfuscated code is available here.
The deofuscated code is available here.
This post is a discussion surrounding a recent compromise of Reddit that initiated from a breach of SMS 2FA, and a thought on how 2FA could be modified.
This is a brief tutorial for ctypes. It is a “a foreign function library for Python. It provides C compatible data types, and allows calling functions in DLLs or shared libraries. It can be used to wrap these libraries in pure Python.” This tutorial focuses on calling functions in DLLs.
Completed OSCP.
Starting lab time in OSCP~~~.
From 9/1/2017 to 9/17/2017, spent a couple weeks working on challenges at RootMe.
I completed a handful of VMs from VulnHub, specifically trying to follow Abatchy’s list of suggest VMs for OSCP.
I completed the Natas challenges on Over The Wire.
Microcorruption is an embedded security CTF. I’ve completed up to Chernobyl, which is 17 levels in, plus the tutorial.
I wanted to learn more about options trading: what type of costs and profits are possible, how the contracts work, and what type of expectation values they have. I wrote a bit of code to scrape some options chains information and gained some experience using Beautiful Soup and Selenium.
I completed the Narnia challenges on Over The Wire.
I completed the Krypton challenges on Over The Wire.
I published an early but otherwise working code called BenfordsPy. It’s a set of tools to analyze data using Benford’s Law. More details within.
I completed the Leviathon challenges on Over The Wire.
Capture the flag events are competitions where participants face off to compete in different domains of computer securrity, such as finding and exploiting vulnerabilities. In contrast, a wargame allows you to try the same tasks on a dedicated, ongoing server. I suppose the latter is analogous to playing against an NPC.
(A very good place to start). This inaugural post outlines how I’ve set up this GitHub page and explains the basic features I’m using. I’ll describe the features then give examples and links to how it’s done on this GitHug page. This should serve as simple primer for setting up a GitHub page.