diff --git a/_posts/2017-11-8-FrenchCroissant.md b/_posts/2017-11-8-FrenchCroissant.md index f49929a..225ee2e 100755 --- a/_posts/2017-11-8-FrenchCroissant.md +++ b/_posts/2017-11-8-FrenchCroissant.md @@ -1,6 +1,7 @@ --- layout: post title: French Croissant - or why you need to lock your computer +image: /images/default.jpg --- Last year the first day of my internship I was given a computer and asked to install and secure it for two days. After that delay anyone can try to attack and compromise my machine, and if so I was welcome to buy some "French Croissants" to the team while the attacker explain his method to get access into your computer the next morning. diff --git a/_posts/2018-1-18-WhidInjector.md b/_posts/2018-1-18-WhidInjector.md index f334162..7213a5b 100755 --- a/_posts/2018-1-18-WhidInjector.md +++ b/_posts/2018-1-18-WhidInjector.md @@ -1,6 +1,7 @@ --- layout: post title: WHID Injector - Tips and Tricks +image: /images/default.jpg --- What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more. diff --git a/_posts/2018-12-23-SIGSEGV-MD_AUTH.md b/_posts/2018-12-23-SIGSEGV-MD_AUTH.md index 46a03df..57d3caf 100755 --- a/_posts/2018-12-23-SIGSEGV-MD_AUTH.md +++ b/_posts/2018-12-23-SIGSEGV-MD_AUTH.md @@ -1,6 +1,7 @@ --- layout: post title: SIGSEGV1 Writeup - MD Auth +image: /images/default.jpg --- Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown". I was wrong but it was nonetheless interesting to solve. diff --git a/_posts/2018-8-14-An-XSS-Story.md b/_posts/2018-8-14-An-XSS-Story.md index 7afef4f..5fa0a69 100755 --- a/_posts/2018-8-14-An-XSS-Story.md +++ b/_posts/2018-8-14-An-XSS-Story.md @@ -1,6 +1,7 @@ --- layout: post title: An XSS Story +image: /images/default.jpg --- Last night I stumbled across an XSS in a bug bounty program, this was quite fun to exploit. diff --git a/_posts/2019-11-26-SeaMonsterCTF.md b/_posts/2019-11-26-SeaMonsterCTF.md index de81669..be7e746 100755 --- a/_posts/2019-11-26-SeaMonsterCTF.md +++ b/_posts/2019-11-26-SeaMonsterCTF.md @@ -1,6 +1,7 @@ --- layout: post title: UYBHYS - Sea Monster Attack & Defense CTF +image: /images/SeaMonster/SeaMonsterBanner.png --- Last week-end I teamed up with members from [Aperikube](https://www.aperikube.fr) for an Attack/Defense CTF which took place in Brest - France. In this "small" blog post I will write about this experience, the challenges and our methodology :) diff --git a/_posts/2019-12-14-Ph0wn-CTF.md b/_posts/2019-12-14-Ph0wn-CTF.md index ca90e8d..53e2e7f 100755 --- a/_posts/2019-12-14-Ph0wn-CTF.md +++ b/_posts/2019-12-14-Ph0wn-CTF.md @@ -1,6 +1,7 @@ --- layout: post title: Ph0wn CTF 2019 - Smart Devices CTF +image: /images/Ph0wn/Ph0wnBanner.png --- Another week another CTF, this time it was the [Ph0wn](https://ph0wn.org) at Sophia Antipolis (France). I teamed up with members from [@Maki](https://twitter.com/maki_mitz), [@iansus](https://twitter.com/iansus), [@MansourCyril](https://twitter.com/MansourCyril) and [@0hax](https://twitter.com/0hax2). We reached the **second place** of this IoT/Hardware CTF. diff --git a/_posts/2019-12-26-DVID.md b/_posts/2019-12-26-DVID.md index ebdbdc7..da977e5 100755 --- a/_posts/2019-12-26-DVID.md +++ b/_posts/2019-12-26-DVID.md @@ -1,6 +1,7 @@ --- layout: post title: DVID - Damn Vulnerable IoT Device +image: /images/DVID/bleadvertising.jpg --- Who ever wanted to learn about Hardware Hacking ? I found this small opensource **IoT hacking** learning board while I was in a security event. It is designed by [@vulcainreo](https://twitter.com/vulcainreo/) and cost around 45€, more than 300 units were shipped around the world. diff --git a/_posts/2019-6-22-HIP19-MeetYourDoctor.md b/_posts/2019-6-22-HIP19-MeetYourDoctor.md index 6966f19..4d328cb 100755 --- a/_posts/2019-6-22-HIP19-MeetYourDoctor.md +++ b/_posts/2019-6-22-HIP19-MeetYourDoctor.md @@ -1,6 +1,7 @@ --- layout: post title: HIP19 Writeup - Meet Your Doctor 1,2,3 +image: /images/HIP19/hip19_wargame.png --- Last wednesday I was in the Hack In Paris event for the 3rd time. As always there were some great conferences and challenges, and a new competition called "Hacker Jeopardy" which was very fun! During the Wargame I focused my time on Web challenges based on the `graphql` technology which was new to me, you will find below my writeups for the `Meet Your Doctor` challenges. diff --git a/_posts/2020-04-26-FCSC.md b/_posts/2020-04-26-FCSC.md index 1f29edc..ec87e60 100755 --- a/_posts/2020-04-26-FCSC.md +++ b/_posts/2020-04-26-FCSC.md @@ -1,14 +1,14 @@ --- layout: post title: FCSC - CTF Writeup +image: /images/FCSC/2020-fcsc-logo.jpg --- ## FCSC - FRANCE CYBERSECURITY CHALLENGE 2020 Some writeups of severals web challenges from the [FCSC 2020](https://france-cybersecurity-challenge.fr). - -![https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg](https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg) +![https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg](/images/FCSC/2020-fcsc-logo.jpg) ## Challenges' Writeup diff --git a/_posts/2022-05-21-STHACK2022.md b/_posts/2022-05-21-STHACK2022.md index 3043743..d21b67d 100755 --- a/_posts/2022-05-21-STHACK2022.md +++ b/_posts/2022-05-21-STHACK2022.md @@ -1,6 +1,7 @@ --- layout: post title: STHACK2022 - Catch the bird, a trip from web to IRL +image: /images/STHACK2022/sthack2022_post-card.png --- * Challenge author: ajani diff --git a/_posts/2022-09-30-Auto-Obfuscate-Strings-with-Nim.md b/_posts/2022-09-30-Auto-Obfuscate-Strings-with-Nim.md index 420b564..08b0301 100755 --- a/_posts/2022-09-30-Auto-Obfuscate-Strings-with-Nim.md +++ b/_posts/2022-09-30-Auto-Obfuscate-Strings-with-Nim.md @@ -1,6 +1,7 @@ --- layout: post title: Offensive Nim - Auto Obfuscate Strings with Nim's Term-Rewriting Macros +image: /images/OffensiveNim/nimlang.png --- TLDR: Use `nim-strenc`, or read below to discover how to write your own Nim macro. diff --git a/_posts/2024-01-15-Drink-Love-Share-Rump.md b/_posts/2024-01-15-Drink-Love-Share-Rump.md index 1120138..1cd68b7 100644 --- a/_posts/2024-01-15-Drink-Love-Share-Rump.md +++ b/_posts/2024-01-15-Drink-Love-Share-Rump.md @@ -1,6 +1,7 @@ --- layout: post title: DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation" +image: /images/DrinkLoveShare24/rump_redteam_dino-0.jpg --- Recently I had the pleasure to give a rump during the "Drink Love Share" meet organized by [TheLaluka](https://twitter.com/TheLaluka). This blog post will delve deeper into the topic. diff --git a/_posts/2024-02-04-Ph0wn-Flag-Digger.md b/_posts/2024-02-04-Ph0wn-Flag-Digger.md index cb87ed8..19f695c 100644 --- a/_posts/2024-02-04-Ph0wn-Flag-Digger.md +++ b/_posts/2024-02-04-Ph0wn-Flag-Digger.md @@ -1,6 +1,7 @@ --- layout: post title: Ph0wn CTF 2019 - Flag Digger +image: /images/Ph0wn/ph0wn_chip_dip2deep_min.jpg --- TLDR: It's never too late to try to solve an old challenge. This blog post is a quick writeup of a challenge from the Ph0wn CTF 2019 where you were given a small chip and you had to extract the flag from it. diff --git a/_posts/2024-06-13-SSRFmap-axfr.md b/_posts/2024-06-13-SSRFmap-axfr.md index 6930330..e2d2173 100644 --- a/_posts/2024-06-13-SSRFmap-axfr.md +++ b/_posts/2024-06-13-SSRFmap-axfr.md @@ -1,6 +1,7 @@ --- layout: post title: SSRFmap - Introducing the AXFR module +image: /images/SSRFmapAXFR/banner_text.png --- After reading a great blog post about a CTF challenge where you had to chain several SSRF to get the flag, I took some time to improve SSRFmap, fix the bugs and merge the Pull Requests. Then I implemented a new module called `axfr` to trigger a DNS zone transfer from the SSRF using the gopher protocol. This blog post is about my journey on implementing it. diff --git a/images/default.jpg b/images/default.jpg new file mode 100644 index 0000000..43e78a4 Binary files /dev/null and b/images/default.jpg differ