Malware Analysis - FakeBard - Malicious ChromeExtension
Description
As it was the weekend and I had some free time, I was scrolling through Facebook when an ad suggestion caught my eye. The ad promoted a new Google Bard version which, in my opinion, looked like potential malware.
Despite my curiosity, I decided to investigate for fun, so I grabbed my laptop and copied the link into my browser.
A...
AI - OSINT - Solving GitHub Alias
Title
How AI-Powered OSINT Helped Me Solve the Mystery of My GitHub Alias and Reclaim My Digital Identity!
Description
A few years ago, while setting up my GitHub account and trying to establish my digital presence, I discovered that the username AB2 was already taken. The account belonged to someone else, which was surprising since I had en...
MCH2022CTF - MySimpleLogin - Writeup
Description
Solution
We were given an APK file:
MySimpleLogin.zip
After downloading the APK file, we can use any Android DEX decompiler to open it.
To find the entry point or main activity, we can check the AndroidManifest.xml file.
The main activity for this APK is ctf.challenges.mysimplelogin.MainActivity, as shown in the screenshot...
HackyHolidays - Protect the supply - Writeup
Description
This challenge was in both the forensics and reversing categories.
Solution
The challenge is a container that can be pulled using the command described in the challenge description.
docker run -ti hackazon/micro_ghost /bin/sh
As a fan of the bash shell, I had to change /bin/sh to /bin/bash:
docker run -ti hackazon/micro_ghost ...
PHP - Bypass Disable Functions Using FFI
Description
Recently, I encountered a situation where most PHP functions were disabled. To facilitate more accurate debugging and analysis, I recreated the environment in a Docker container.
Docker setup
Dockerfile
FROM php:8.0-apache
RUN apt-get update
# -y is required: without it, apt waits for confirmation and the non-interactive build aborts
RUN apt-get install -y nano libffi-dev
RUN docker-php-ext-configure ffi --with-ffi
RUN docker-php-e...
TryHackMe - Island Orchestration - Walkthrough
Description
Room Link: Island Orchestration
Only one flag to catch…!
Recon
Using nmap, we can find that there are two open ports.
Nmap scan report for 10.10.160.23
Host is up, received reset ttl 255 (0.013s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack ttl 64
80/tcp op...
VirtualBox Saved State Parser
Description
1) This tool was used back in 2014 for the CTF challenge ASIS-QUALS-2014.
2) I found this tool interesting and decided to save it here in my GitHub repository. I am not sure who the original author of the tool is, but I wanted to preserve it for future reference and potentially contribute to its development.
3) Also you m...
No WSL After 2 Days
Description
No WSL After 2 Days! OR No Windows Subsystem for Linux After Today!
This document explains how to install a virtual Linux system on your Windows machine without relying on WSL.
Final result
Download
Below are the software and application names mentioned in this document:
Windows Terminal Preview
VirtualBox
Kali Linux
Setting...
MystikoCTF - THM - Walkthrough
Date: 21st / 22nd November 2021
Description
This is my writeup for the recent CTF hosted by Mystiko, which was held on TryHackMe. I had a great time participating in the CTF and found it to be very challenging and enjoyable. I would like to express my gratitude to the Mystiko team for organizing such a fantastic event and for creating such ...
DamCTF - sneaky-script - Writeup
Description
This challenge was part of the recent DamCTF, and it was the only challenge in the malware category.
Solution
Upon extracting the provided zip file, we found that it contained two files: a pcap file and a bash script.
Examining the bash script, I found a line of code that indicates that the script is downloading and executi...
Vulnhub - Venus - Walkthrough
Description
The Planets: Venus
Date release: 3 Jun 2021
Author: SirFlash
Series: The Planets
URL: https://www.vulnhub.com/entry/the-planets-venus,705/
Difficulty: Medium
Venus is a medium box requiring more knowledge than the previous box, “Mercury”, in this series. There are two flags on the box: a user and root flag which include an ...
Pwn2Win - CmonSeemyVulns - Writeup
Description
We were given the source code and the Dockerfile, so we can build it locally and work on it directly on our own system.
c_mon_see_my_vulns
Code Review
Snippet from index.php (only the PHP part!)
The 7th line of the code appears to contain an eval function that is called within the do_calcs function.
This function is calle...