Friday, 4 January 2019

Chaining 2 low impact bugs into Gitlab RCE. Real World CTF 2018 - Flaglab write-up.

Standard
Real World CTF Recently my team and I went to Zhengzhou, China for Real World CTF event. Organisation and venue were truly amazing. The format of the competition was a bit different from standard jeopardy-style. There was this not so popular concept of showing exploits on stage. To...

Thursday, 15 June 2017

Writing plugins in Python

Standard
The advantage of dynamically typed language is that it's much easier to write some code that dynamically loads another code and uses it. The downside of lack of types is that it's harder to enforce the contract on the loaded code. There are ways around that and this post is about that. How to write...

Thursday, 1 June 2017

Monday, 22 May 2017

CONFidence conference impression + Random(crypto 100) write-up

Standard
On 18-19 May CONFidence conference took place in Cracow. This was my third IT conference and second cybersecurity con in my life. CONFidence is a con with a long tradition, the biggest cybersecurity meeting of specialist in Poland every year. Venue This year it gathered around 800 people, which was...

Thursday, 13 April 2017

Vulnhub 1: Ew_Skuzzy

Standard
Me and few of my friends were asked to test some vulnerable environment that will be used as a playground for students, it was a lot of fun and motivated me to do some vulnhub.com in free time. That's my first write-up on the vulnhub machines, let me know if the description is good enough. 1. Reconnaissance Running...

Sunday, 19 March 2017

EntropyGrapher - file visualization

Standard
Since I have finally found a bit of free time I was able to develop a project that was on my mind for quite some time now. The idea was simple, write some piece of code that would let me explore entropy of the contents of a file. I've written a little snippet, that yielded this: With the help of...

Saturday, 28 January 2017

Shellcode creation - comparison of methods

Standard
In the part 2 of my guide on stack overflow exploitation I mentioned that there are several ways of creating shellcodes. This post is about some of them. 1. NASM The obvious way of creating shellcodes is writing it in assembly ourselves. To do that, we can use NASM, which is a x86/x86_64 assembler. Obvious drawback is that we cannot write for any other architecture with it(eg. arm64 for android). In...