Compare commits

No commits in common. "43be6c2039cd6dc77c45b92cac4e7e6b92622992" and "c11a01165dc34683db1646fe8f4eaf285109ffdb" have entirely different histories.

16 changed files with 2 additions and 16 deletions

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: French Croissant - or why you need to lock your computer title: French Croissant - or why you need to lock your computer
image: /images/default.jpg
--- ---
Last year the first day of my internship I was given a computer and asked to install and secure it for two days. After that delay anyone can try to attack and compromise my machine, and if so I was welcome to buy some "French Croissants" to the team while the attacker explain his method to get access into your computer the next morning. Last year the first day of my internship I was given a computer and asked to install and secure it for two days. After that delay anyone can try to attack and compromise my machine, and if so I was welcome to buy some "French Croissants" to the team while the attacker explain his method to get access into your computer the next morning.
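Review bot: The only change in this hunk is dropping `image: /images/default.jpg` from the front matter, and nothing visible in this compare shows the `post` layout being updated to cope with a post that has no `image` key. Confirm that the layout, and any index or feed template that reads the key, renders cleanly when it is absent, or keep the line. The same removal is repeated in the other posts here, so one check covers them all.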

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: WHID Injector - Tips and Tricks title: WHID Injector - Tips and Tricks
image: /images/default.jpg
--- ---
What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more. What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: SIGSEGV1 Writeup - MD Auth title: SIGSEGV1 Writeup - MD Auth
image: /images/default.jpg
--- ---
Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown". I was wrong but it was nonetheless interesting to solve. Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown". I was wrong but it was nonetheless interesting to solve.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: An XSS Story title: An XSS Story
image: /images/default.jpg
--- ---
Last night I stumbled across an XSS in a bug bounty program, this was quite fun to exploit. Last night I stumbled across an XSS in a bug bounty program, this was quite fun to exploit.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: UYBHYS - Sea Monster Attack & Defense CTF title: UYBHYS - Sea Monster Attack & Defense CTF
image: /images/SeaMonster/SeaMonsterBanner.png
--- ---
Last week-end I teamed up with members from [Aperikube](https://www.aperikube.fr) for an Attack/Defense CTF which took place in Brest - France. In this "small" blog post I will write about this experience, the challenges and our methodology :) Last week-end I teamed up with members from [Aperikube](https://www.aperikube.fr) for an Attack/Defense CTF which took place in Brest - France. In this "small" blog post I will write about this experience, the challenges and our methodology :)
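Review bot: The `image:` line removed here names a post-specific banner, `/images/SeaMonster/SeaMonsterBanner.png`, not the shared `/images/default.jpg` dropped from the earlier posts. If the goal is only to retire the default image, this line and the other post-specific ones after it should stay; if every cover image is meant to go, say so in the commit message and decide whether the now unreferenced banner files should be removed as well.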

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: Ph0wn CTF 2019 - Smart Devices CTF title: Ph0wn CTF 2019 - Smart Devices CTF
image: /images/Ph0wn/Ph0wnBanner.png
--- ---
Another week another CTF, this time it was the [Ph0wn](https://ph0wn.org) at Sophia Antipolis (France). I teamed up with members from [@Maki](https://twitter.com/maki_mitz), [@iansus](https://twitter.com/iansus), [@MansourCyril](https://twitter.com/MansourCyril) and [@0hax](https://twitter.com/0hax2). We reached the **second place** of this IoT/Hardware CTF. Another week another CTF, this time it was the [Ph0wn](https://ph0wn.org) at Sophia Antipolis (France). I teamed up with members from [@Maki](https://twitter.com/maki_mitz), [@iansus](https://twitter.com/iansus), [@MansourCyril](https://twitter.com/MansourCyril) and [@0hax](https://twitter.com/0hax2). We reached the **second place** of this IoT/Hardware CTF.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: DVID - Damn Vulnerable IoT Device title: DVID - Damn Vulnerable IoT Device
image: /images/DVID/bleadvertising.jpg
--- ---
Who ever wanted to learn about Hardware Hacking ? I found this small opensource **IoT hacking** learning board while I was in a security event. It is designed by [@vulcainreo](https://twitter.com/vulcainreo/) and cost around 45€, more than 300 units were shipped around the world. Who ever wanted to learn about Hardware Hacking ? I found this small opensource **IoT hacking** learning board while I was in a security event. It is designed by [@vulcainreo](https://twitter.com/vulcainreo/) and cost around 45€, more than 300 units were shipped around the world.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: HIP19 Writeup - Meet Your Doctor 1,2,3 title: HIP19 Writeup - Meet Your Doctor 1,2,3
image: /images/HIP19/hip19_wargame.png
--- ---
Last wednesday I was in the Hack In Paris event for the 3rd time. As always there were some great conferences and challenges, and a new competition called "Hacker Jeopardy" which was very fun! During the Wargame I focused my time on Web challenges based on the `graphql` technology which was new to me, you will find below my writeups for the `Meet Your Doctor` challenges. Last wednesday I was in the Hack In Paris event for the 3rd time. As always there were some great conferences and challenges, and a new competition called "Hacker Jeopardy" which was very fun! During the Wargame I focused my time on Web challenges based on the `graphql` technology which was new to me, you will find below my writeups for the `Meet Your Doctor` challenges.

@ -1,14 +1,14 @@
--- ---
layout: post layout: post
title: FCSC - CTF Writeup title: FCSC - CTF Writeup
image: /images/FCSC/2020-fcsc-logo.jpg
--- ---
## FCSC - FRANCE CYBERSECURITY CHALLENGE 2020 ## FCSC - FRANCE CYBERSECURITY CHALLENGE 2020
Some writeups of severals web challenges from the [FCSC 2020](https://france-cybersecurity-challenge.fr). Some writeups of severals web challenges from the [FCSC 2020](https://france-cybersecurity-challenge.fr).
![https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg](/images/FCSC/2020-fcsc-logo.jpg)
![https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg](https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg)
## Challenges' Writeup ## Challenges' Writeup
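Review bot: Of the two logo lines in this hunk, the one whose source is `https://www.ssi.gouv.fr/uploads/2020/03/2020-fcsc-logo.jpg` makes every reader's browser fetch the image from a third-party host, which exposes their IP address and referrer to that host and breaks the post if the URL ever moves. The variant that loads `/images/FCSC/2020-fcsc-logo.jpg` avoids both, so keep the local copy as the image source and leave the ssi.gouv.fr URL only as alt text or as a credit link. The front-matter `image:` key removed above pointed at that same local file, so check that the file itself stays in the repository.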

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: STHACK2022 - Catch the bird, a trip from web to IRL title: STHACK2022 - Catch the bird, a trip from web to IRL
image: /images/STHACK2022/sthack2022_post-card.png
--- ---
* Challenge author: ajani * Challenge author: ajani

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: Offensive Nim - Auto Obfuscate Strings with Nim's Term-Rewriting Macros title: Offensive Nim - Auto Obfuscate Strings with Nim's Term-Rewriting Macros
image: /images/OffensiveNim/nimlang.png
--- ---
TLDR: Use `nim-strenc`, or read below to discover how to write your own Nim macro. TLDR: Use `nim-strenc`, or read below to discover how to write your own Nim macro.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation" title: DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation"
image: /images/DrinkLoveShare24/rump_redteam_dino-0.jpg
--- ---
Recently I had the pleasure to give a rump during the "Drink Love Share" meet organized by [TheLaluka](https://twitter.com/TheLaluka). This blog post will delve deeper into the topic. Recently I had the pleasure to give a rump during the "Drink Love Share" meet organized by [TheLaluka](https://twitter.com/TheLaluka). This blog post will delve deeper into the topic.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: Ph0wn CTF 2019 - Flag Digger title: Ph0wn CTF 2019 - Flag Digger
image: /images/Ph0wn/ph0wn_chip_dip2deep_min.jpg
--- ---
TLDR: It's never too late to try to solve an old challenge. This blog post is a quick writeup of a challenge from the Ph0wn CTF 2019 where you were given a small chip and you had to extract the flag from it. TLDR: It's never too late to try to solve an old challenge. This blog post is a quick writeup of a challenge from the Ph0wn CTF 2019 where you were given a small chip and you had to extract the flag from it.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: SSRFmap - Introducing the AXFR module title: SSRFmap - Introducing the AXFR module
image: /images/SSRFmapAXFR/banner_text.png
--- ---
After reading a great blog post about a CTF challenge where you had to chain several SSRF to get the flag, I took some time to improve SSRFmap, fix the bugs and merge the Pull Requests. Then I implemented a new module called `axfr` to trigger a DNS zone transfer from the SSRF using the gopher protocol. This blog post is about my journey on implementing it. After reading a great blog post about a CTF challenge where you had to chain several SSRF to get the flag, I took some time to improve SSRFmap, fix the bugs and merge the Pull Requests. Then I implemented a new module called `axfr` to trigger a DNS zone transfer from the SSRF using the gopher protocol. This blog post is about my journey on implementing it.

@ -1,7 +1,6 @@
--- ---
layout: post layout: post
title: Anatomy of Pokemon glitches title: Anatomy of Pokemon glitches
image: /images/PokemonGlitches/pikachu-yellow.png
--- ---
Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time. Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time.

Binary file not shown.
