Compare commits
No commits in common. "43be6c2039cd6dc77c45b92cac4e7e6b92622992" and "c11a01165dc34683db1646fe8f4eaf285109ffdb" have entirely different histories.
43be6c2039
...
c11a01165d
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: French Croissant - or why you need to lock your computer
|
title: French Croissant - or why you need to lock your computer
|
||||||
image: /images/default.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Last year the first day of my internship I was given a computer and asked to install and secure it for two days. After that delay anyone can try to attack and compromise my machine, and if so I was welcome to buy some "French Croissants" to the team while the attacker explain his method to get access into your computer the next morning.
|
Last year the first day of my internship I was given a computer and asked to install and secure it for two days. After that delay anyone can try to attack and compromise my machine, and if so I was welcome to buy some "French Croissants" to the team while the attacker explain his method to get access into your computer the next morning.
|
||||||
|
|
|
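Review bot: nothing visible in this hunk says what supplies the post image once `image: /images/default.jpg` is gone from the front matter, and the same line is dropped from the following posts too. If the `post` layout, the index page or a social-card template reads the `image` key, confirm it falls back cleanly when the key is absent, or set the default once site-wide instead of deleting it per post.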
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: WHID Injector - Tips and Tricks
|
title: WHID Injector - Tips and Tricks
|
||||||
image: /images/default.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more.
|
What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: SIGSEGV1 Writeup - MD Auth
|
title: SIGSEGV1 Writeup - MD Auth
|
||||||
image: /images/default.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown". I was wrong but it was nonetheless interesting to solve.
|
Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown". I was wrong but it was nonetheless interesting to solve.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: An XSS Story
|
title: An XSS Story
|
||||||
image: /images/default.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Last night I stumbled across an XSS in a bug bounty program, this was quite fun to exploit.
|
Last night I stumbled across an XSS in a bug bounty program, this was quite fun to exploit.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: UYBHYS - Sea Monster Attack & Defense CTF
|
title: UYBHYS - Sea Monster Attack & Defense CTF
|
||||||
image: /images/SeaMonster/SeaMonsterBanner.png
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Last week-end I teamed up with members from [Aperikube](https://www.aperikube.fr) for an Attack/Defense CTF which took place in Brest - France. In this "small" blog post I will write about this experience, the challenges and our methodology :)
|
Last week-end I teamed up with members from [Aperikube](https://www.aperikube.fr) for an Attack/Defense CTF which took place in Brest - France. In this "small" blog post I will write about this experience, the challenges and our methodology :)
|
||||||
|
|
|
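Review bot: unlike the `default.jpg` posts, the line removed here, `image: /images/SeaMonster/SeaMonsterBanner.png`, pointed at a post-specific banner, so this post loses its own thumbnail rather than a placeholder. Either keep the line, or, if the banner is no longer referenced anywhere, remove the file in the same change so it does not linger in the repository; the same question applies to the later hunks that drop a post-specific `image:` path.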
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: Ph0wn CTF 2019 - Smart Devices CTF
|
title: Ph0wn CTF 2019 - Smart Devices CTF
|
||||||
image: /images/Ph0wn/Ph0wnBanner.png
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Another week another CTF, this time it was the [Ph0wn](https://ph0wn.org) at Sophia Antipolis (France). I teamed up with members from [@Maki](https://twitter.com/maki_mitz), [@iansus](https://twitter.com/iansus), [@MansourCyril](https://twitter.com/MansourCyril) and [@0hax](https://twitter.com/0hax2). We reached the **second place** of this IoT/Hardware CTF.
|
Another week another CTF, this time it was the [Ph0wn](https://ph0wn.org) at Sophia Antipolis (France). I teamed up with members from [@Maki](https://twitter.com/maki_mitz), [@iansus](https://twitter.com/iansus), [@MansourCyril](https://twitter.com/MansourCyril) and [@0hax](https://twitter.com/0hax2). We reached the **second place** of this IoT/Hardware CTF.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: DVID - Damn Vulnerable IoT Device
|
title: DVID - Damn Vulnerable IoT Device
|
||||||
image: /images/DVID/bleadvertising.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Who ever wanted to learn about Hardware Hacking ? I found this small opensource **IoT hacking** learning board while I was in a security event. It is designed by [@vulcainreo](https://twitter.com/vulcainreo/) and cost around 45€, more than 300 units were shipped around the world.
|
Who ever wanted to learn about Hardware Hacking ? I found this small opensource **IoT hacking** learning board while I was in a security event. It is designed by [@vulcainreo](https://twitter.com/vulcainreo/) and cost around 45€, more than 300 units were shipped around the world.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: HIP19 Writeup - Meet Your Doctor 1,2,3
|
title: HIP19 Writeup - Meet Your Doctor 1,2,3
|
||||||
image: /images/HIP19/hip19_wargame.png
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Last wednesday I was in the Hack In Paris event for the 3rd time. As always there were some great conferences and challenges, and a new competition called "Hacker Jeopardy" which was very fun! During the Wargame I focused my time on Web challenges based on the `graphql` technology which was new to me, you will find below my writeups for the `Meet Your Doctor` challenges.
|
Last wednesday I was in the Hack In Paris event for the 3rd time. As always there were some great conferences and challenges, and a new competition called "Hacker Jeopardy" which was very fun! During the Wargame I focused my time on Web challenges based on the `graphql` technology which was new to me, you will find below my writeups for the `Meet Your Doctor` challenges.
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: FCSC - CTF Writeup
|
title: FCSC - CTF Writeup
|
||||||
image: /images/FCSC/2020-fcsc-logo.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## FCSC - FRANCE CYBERSECURITY CHALLENGE 2020
|
## FCSC - FRANCE CYBERSECURITY CHALLENGE 2020
|
||||||
|
|
||||||
Some writeups of severals web challenges from the [FCSC 2020](https://france-cybersecurity-challenge.fr).
|
Some writeups of severals web challenges from the [FCSC 2020](https://france-cybersecurity-challenge.fr).
|
||||||
|
|
||||||
![https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg](/images/FCSC/2020-fcsc-logo.jpg)
|
|
||||||
|
![https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg](https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg)
|
||||||
|
|
||||||
## Challenges' Writeup
|
## Challenges' Writeup
|
||||||
|
|
||||||
|
|
|
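Review bot: on the new side of this hunk the inline logo loads from `https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg` instead of the local `/images/FCSC/2020-fcsc-logo.jpg`, which makes the post depend on a third-party host. The image breaks if that URL moves, the remote site controls what is served, and every reader's browser makes a request to it. Keep the local path in the image link; the alt text already records the source URL. The new side also gains an extra blank line before the image, which can be dropped.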
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: STHACK2022 - Catch the bird, a trip from web to IRL
|
title: STHACK2022 - Catch the bird, a trip from web to IRL
|
||||||
image: /images/STHACK2022/sthack2022_post-card.png
|
|
||||||
---
|
---
|
||||||
|
|
||||||
* Challenge author: ajani
|
* Challenge author: ajani
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: Offensive Nim - Auto Obfuscate Strings with Nim's Term-Rewriting Macros
|
title: Offensive Nim - Auto Obfuscate Strings with Nim's Term-Rewriting Macros
|
||||||
image: /images/OffensiveNim/nimlang.png
|
|
||||||
---
|
---
|
||||||
|
|
||||||
TLDR: Use `nim-strenc`, or read below to discover how to write your own Nim macro.
|
TLDR: Use `nim-strenc`, or read below to discover how to write your own Nim macro.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation"
|
title: DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation"
|
||||||
image: /images/DrinkLoveShare24/rump_redteam_dino-0.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Recently I had the pleasure to give a rump during the "Drink Love Share" meet organized by [TheLaluka](https://twitter.com/TheLaluka). This blog post will delve deeper into the topic.
|
Recently I had the pleasure to give a rump during the "Drink Love Share" meet organized by [TheLaluka](https://twitter.com/TheLaluka). This blog post will delve deeper into the topic.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: Ph0wn CTF 2019 - Flag Digger
|
title: Ph0wn CTF 2019 - Flag Digger
|
||||||
image: /images/Ph0wn/ph0wn_chip_dip2deep_min.jpg
|
|
||||||
---
|
---
|
||||||
|
|
||||||
TLDR: It's never too late to try to solve an old challenge. This blog post is a quick writeup of a challenge from the Ph0wn CTF 2019 where you were given a small chip and you had to extract the flag from it.
|
TLDR: It's never too late to try to solve an old challenge. This blog post is a quick writeup of a challenge from the Ph0wn CTF 2019 where you were given a small chip and you had to extract the flag from it.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: SSRFmap - Introducing the AXFR module
|
title: SSRFmap - Introducing the AXFR module
|
||||||
image: /images/SSRFmapAXFR/banner_text.png
|
|
||||||
---
|
---
|
||||||
|
|
||||||
After reading a great blog post about a CTF challenge where you had to chain several SSRF to get the flag, I took some time to improve SSRFmap, fix the bugs and merge the Pull Requests. Then I implemented a new module called `axfr` to trigger a DNS zone transfer from the SSRF using the gopher protocol. This blog post is about my journey on implementing it.
|
After reading a great blog post about a CTF challenge where you had to chain several SSRF to get the flag, I took some time to improve SSRFmap, fix the bugs and merge the Pull Requests. Then I implemented a new module called `axfr` to trigger a DNS zone transfer from the SSRF using the gopher protocol. This blog post is about my journey on implementing it.
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: Anatomy of Pokemon glitches
|
title: Anatomy of Pokemon glitches
|
||||||
image: /images/PokemonGlitches/pikachu-yellow.png
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time.
|
Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time.
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 22 KiB |