Blog - Add excerpt
parent
2697774465
commit
8b23da02c9
|
@ -84,3 +84,6 @@ exclude:
|
|||
- LICENSE
|
||||
- README.md
|
||||
- CNAME
|
||||
|
||||
# Split page with more in description
|
||||
excerpt_separator: <!--more-->
|
|
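Review bot: `excerpt_separator: <!--more-->` at the end of the `exclude:` hunk is a site-wide setting, so it replaces the default first-paragraph split for every post, not only the ones edited in this commit. A post that does not contain the marker gives Jekyll no split point, and its whole body becomes the excerpt. Confirm that every post carries `<!--more-->`, or set `excerpt_separator` in the front matter of the posts that need it. The comment `# Split page with more in description` would also be clearer if it said that the text above `<!--more-->` becomes the post excerpt.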
@ -6,6 +6,8 @@ title: Welcome on my Jekyll!
|
|||
Hi friend !
|
||||
Let's talk about security tips and tricks.
|
||||
|
||||
<!--more-->
|
||||
|
||||
This blog was generated with Jekyll now, use the following commands to reproduce it.
|
||||
|
||||
{% highlight bash%}
|
||||
|
|
|
@ -9,6 +9,8 @@ Prequals online
|
|||
- [Web 150 - GoldFish](ECW-CTF/#web-150---goldfish)
|
||||
- [Web 175 - Magic Car](ECW-CTF/#web-175---magic-car)
|
||||
|
||||
<!--more-->
|
||||
|
||||
## Web 50 - Hall of Fame
|
||||
This challenge was a basic SQL injection, let's follow our [methodology](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL injection/MySQL Injection.md) and extract the informations in the database. First we need to extract the columns number of the current "SELECT column1, column2 FROM ..."
|
||||
{% highlight php%}
|
||||
|
|
|
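Review bot: placing `<!--more-->` right after the challenge list puts the relative links `ECW-CTF/#web-150---goldfish` and `ECW-CTF/#web-175---magic-car` into the excerpt, and a relative href resolves against the page that renders the excerpt rather than against the post. Check these links from the index page (and the feed, if one is generated), or build them from the post URL. Separately, the methodology link in the context line has unencoded spaces in `SQL injection/MySQL Injection.md`, which many Markdown renderers will not parse as a link; encode them as `%20`.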
@ -6,6 +6,8 @@ title: French Croissant - or why you need to lock your computer
|
|||
Last year the first day of my internship I was given a computer and asked to install and secure it for two days. After that delay anyone can try to attack and compromise my machine, and if so I was welcome to buy some "French Croissants" to the team while the attacker explain his method to get access into your computer the next morning.
|
||||
There are some techniques you need to be aware of when you're securing your machine, the list below is not exhaustive.
|
||||
|
||||
<!--more-->
|
||||
|
||||
## Open session
|
||||
When your colleague leave their computer without locking their session, it's time to go on their laptop and interact with it. In this scenario you can :
|
||||
- send an email to the team if he was logged into his mail account
|
||||
|
|
|
@ -6,6 +6,8 @@ title: WHID Injector - Tips and Tricks
|
|||
## WHID Injector - Tips and Tricks
|
||||
What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more.
|
||||
|
||||
<!--more-->
|
||||
|
||||
What can I do ? Everything you could do with a keyboard plugged into a computer, for example : using [WHID Toolkit](https://github.com/swisskyrepo/WHID_Toolkit) you can spawn a reverse-shell :D
|
||||
|
||||
|
||||
|
|
|
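Review bot: with the marker placed after the first paragraph, the excerpt of this post starts with the body heading `## WHID Injector - Tips and Tricks`, which repeats the front-matter `title:` shown in the hunk header. Any listing that prints the post title followed by the excerpt will show the same heading twice. Consider removing the `##` heading from the body, since the layout already has the title.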
@ -3,8 +3,9 @@ layout: post
|
|||
title: SIGSEGV1 Writeup - MD Auth
|
||||
---
|
||||
|
||||
Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown".
|
||||
I was wrong but it was nonetheless interesting to solve.
|
||||
Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown". I was wrong but it was nonetheless interesting to solve.
|
||||
|
||||
<!--more-->
|
||||
|
||||
The source code of the index was available by requesting : [http://finale-docker.rtfm.re:4444/?source](http://finale-docker.rtfm.re:4444/?source)
|
||||
|
||||
|
|
|
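Review bot: the reflow of the intro paragraph at the top of this hunk (the two lines "Let's talk about the "MD Auth" challenge ..." and "I was wrong ..." joined into one) is unrelated to adding `<!--more-->` and renders as the same paragraph in Markdown. Keep it out of this commit, or mention it in the commit message, so that "Add excerpt" only touches the marker lines.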
@ -4,6 +4,9 @@ title: An XSS Story
|
|||
---
|
||||
|
||||
Last night I stumbled across an XSS in a bug bounty program, this was quite fun to exploit.
|
||||
|
||||
<!--more-->
|
||||
|
||||
A little bit of context, the URL was as follows:
|
||||
|
||||
{% highlight bash%}
|
||||
|
|
|
@ -5,6 +5,8 @@ title: UYBHYS - Sea Monster Attack & Defense CTF
|
|||
|
||||
Last week-end I teamed up with members from [Aperikube](https://www.aperikube.fr) for an Attack/Defense CTF which took place in Brest - France. In this "small" blog post I will write about this experience, the challenges and our methodology :)
|
||||
|
||||
<!--more-->
|
||||
|
||||
![Banner]({{ site.baseurl }}/images/SeaMonsterBanner.png "Banner"){: .center-image }
|
||||
|
||||
Rules & informations about the CTF are available in the following PDF : [CTF_UYBHYS.pdf]({{ site.baseurl }}/files/CTF_UYBHYS.pdf)
|
||||
|
|
|
@ -5,6 +5,8 @@ title: Ph0wn - Smart Devices CTF
|
|||
|
||||
Another week another CTF, this time it was the [Ph0wn](https://ph0wn.org) at Sophia Antipolis (France). I teamed up with members from [@Maki](https://twitter.com/maki_mitz), [@iansus](https://twitter.com/iansus), [@MansourCyril](https://twitter.com/MansourCyril) and [@0hax](https://twitter.com/0hax2). We reached the **second place** of this IoT/Hardware CTF.
|
||||
|
||||
<!--more-->
|
||||
|
||||
![Banner]({{ site.baseurl }}/images/Ph0wn/Ph0wnBanner.png "Banner"){: .center-image }
|
||||
|
||||
|
||||
|
|
|
@ -7,6 +7,8 @@ title: DVID - Damn Vulnerable IoT Device
|
|||
|
||||
Who ever wanted to learn about Hardware Hacking ? I found this small opensource **IoT hacking** learning board while I was in a security event. It is designed by [@vulcainreo](https://twitter.com/vulcainreo/) and cost around 45€, more than 300 units were shipped around the world.
|
||||
|
||||
<!--more-->
|
||||
|
||||
Let's dig into this awesome project and clone the git : `https://github.com/Vulcainreo/DVID.git` !
|
||||
|
||||
## Challenges' Writeup
|
||||
|
|
|
@ -5,6 +5,8 @@ title: HIP19 Writeup - Meet Your Doctor 1,2,3
|
|||
|
||||
Last wednesday I was in the Hack In Paris event for the 3rd time. As always there were some great conferences and challenges, and a new competition called "Hacker Jeopardy" which was very fun! During the Wargame I focused my time on Web challenges based on the `graphql` technology which was new to me, you will find below my writeups for the `Meet Your Doctor` challenges.
|
||||
|
||||
<!--more-->
|
||||
|
||||
![HIP Wargame 2019]({{ site.baseurl }}/images/hip19_wargame.png "HIP Wargame 2019"){: .center-image }
|
||||
|
||||
|
||||
|
|