Journey back to cybersecurity since 2020

It’s been 4 years since I started the overthewire.org CTF and with that the beginning of my road back to cybersecurity. It’s been a hell of a ride and I wanted to share the whole process and how I’ve always tried to improve along the way. 2020: Summer 2020, it’s been 8 months since I started a role in a devops team. Going back to technical IT tasks was a game changer after doing more project leadership tasks for a few years: I was going back to what I used to do during engineering school: trying to know how things work, solving problems, discovering new things in a technical IT context....

July 25, 2024

Data perimeter: securing access to an AWS S3 bucket

I recently had the occasion to look into securing access to an AWS S3 bucket. Although the subject can seem simple, there are different steps to cover in order to implement it properly. Let’s jump in! Objective: We have an AWS S3 bucket that needs to be accessed from an on-premise server. Objects in the S3 bucket are encrypted with a KMS key. This server has no IAM identity, so we had to create an IAM user in order to call the S3 API....

July 1, 2024

Linux pspy for Windows: winpspy

I find the pspy tool very convenient to quickly see what is happening on a Linux system, and I wanted to do the same on Windows hosts. This short writeup describes a Windows equivalent: winpspy. pspy: I find the inotify API very convenient for monitoring filesystem activity: the libc page gives a great example on how to use it. This is a small adaptation I made for a challenge once: we have a privileged program doing every minute roughly the following:...

April 16, 2024

Finding Radius authentication password with a single Access-Request

This is a writeup about an unintended solution of a challenge based around the RADIUS protocol. We were provided with a pcap file of a RADIUS authentication trace and the goal was to find the used password. The intended solution was actually to attempt a connection against the RADIUS server, crack the shared secret with a User-Password Attribute Based Shared Secret Attack and then recover the password. I managed to find the password without any interaction with the server, needing only the Access-Request packet given in the pcap trace....

February 2, 2024

Heap exploitation: House of spirit without knowing it

In this writeup we will solve a heap-based exploitation challenge that took me quite some time to overcome. I ended up finding a strategy that was the House of Spirit technique, and learnt a whole lot during the process. The challenge: We are given the following binary: $ pwn checksec memo Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x400000) The libc provided is glibc 2....

December 30, 2023