01

I've been in the field for about five years, the first three doing forensics for a firm, the last two, pentesting for that same firm.  This blog's intent is merely to provide those who may be of similar mind with some light-hearted reading about my experiences and my upcoming, ever advancing journey into things I have no right explaining to anyone.

Welcome.  I'm bad at security.

Comments

Post a Comment

Popular posts from this blog

06 - How to maybe not be so bad at fuzzing, Part 2

Image
06 - Back to the Fuzzing, Part 2
This post will focus more on actual usage of different fuzzers, rather than part one which talked about fuzzing from a higher level.  I'll use the widely available vulnserver.exe as a target application for a bunch of examples, as there are a ton of posts out there that go over exploiting it.  I will also briefly talk about some typical fuzzing use-cases, such as HTTP requests, and how we may employ a fuzzer to assist in testing.  I'm not going to turn our crashes into exploits, that's outside of the scope of this post-- I'll just take a more in depth look at the available tools to expedite the process of locating bugs.
Here's the agenda for tool usage: Python SocketsSPIKEboofuzz In part one I'll talk about some common ways to implement python sockets, such as raw sockets for a normal client / server model, fuzzing HTTP requests, and maybe a bit more if I don't get lazy half-way.  In part two I will apply SPIKE to the same t…
Read more

07 - Just Another OSCE Review

Image
CTP and the OSCE
"The OSCE exam is really hard" 
                  - Everyone, probably
As anyone who has attempted an OffSec certification knows, they're hard as nails.  I've taken the OSCP and now the OSCE, so I can attest to their difficulty.  I'm also not the type of person who can just "pass" these tests.  I took the OSCP multiple times, consistently overthinking the solutions to tasks that, once solved, were much simpler than I initially thought.  I also took the OSCE exam twice, with a month's separation between exams, so I'm no savant.  
One of my coworkers inquired if I'd write a blog post about how I prepared, and how I went from OSCP to OSCE.  What I did, resources I used, etc.  As far as a prep guide goes, I think you'd be better off looking elsewhere.  This has a lot of info in it, but I'm not going to talk about what you should and shouldn't focus on to pass the test, that's not the point.  This post is more or les…
Read more

04 - DiskSavvy Enterprise 10.4.18 BoF SEH (and how I finally became not so bad at it)

Image
I decided to make a whole new post in regarding DiskSavvy, as the others were all over the place.  This post will focus on the working PoC, now that I have it, and explain some of the tribulations and pitfalls I experienced during it.


0x01 - Locating a Crash
Alright, so in the past we've located a relatively easy crash-- after performing a three way handshake, the application sends a packet requesting some server information.  This packet'ssends the following ASCII string: 'SERVER_GET_INFO', prepended by a few headers, and appended by some more data.  This whole interaction can be seen in previous posts, namely post one and two, where I go as in depth as I was able at the time with my fairly limited knowledge.  Initially, I found a location in a portion of the headers that resulted in a crash that I was pretty psyched on, but after bashing my head against the keyboard for an undetermined (read: unreleased) amount of time, I found I wasn't sure I was able to take ad…
Read more