01

I've been in the field for about five years, the first three doing forensics for a firm, the last two, pentesting for that same firm.  This blog's intent is merely to provide those who may be of similar mind with some light-hearted reading about my experiences and my upcoming, ever advancing journey into things I have no right explaining to anyone.

Welcome.  I'm bad at security.

Popular posts from this blog

07 - Just Another OSCE Review

Image
CTP and the OSCE "The OSCE exam is really hard"                    - Everyone, probably As anyone who has attempted an OffSec certification knows, they're hard as nails.  I've taken the OSCP and now the OSCE, so I can attest to their difficulty.  I'm also not the type of person who can just "pass" these tests.  I took the OSCP multiple times, consistently overthinking the solutions to tasks that, once solved, were much simpler than I initially thought.  I also took the OSCE exam twice, with a month's separation between exams, so I'm no savant.   One of my coworkers inquired if I'd write a blog post about how I prepared, and how I went from OSCP to OSCE.  What I did, resources I used, etc.  As far as a prep guide goes, I think you'd be better off looking elsewhere.  This has a lot of info in it, but I'm not going to talk about what you should and shouldn't focus on to pass the test , that's not the point.  This p
Read more

06 - How to maybe not be so bad at fuzzing, Part 2

Image
06 - Back to the Fuzzing, Part 2 This post will focus more on actual usage of different fuzzers, rather than part one which talked about fuzzing from a higher level.  I'll use the widely available  vulnserver.exe  as a target application for a bunch of examples, as there are a ton of posts out there that go over exploiting it.  I will also briefly talk about some typical fuzzing use-cases, such as HTTP requests, and how we may employ a fuzzer to assist in testing.  I'm not going to turn our crashes into exploits, that's outside of the scope of this post-- I'll just take a more in depth look at the available tools to expedite the process of locating bugs. Here's the agenda for tool usage: Python Sockets SPIKE boofuzz In part one I'll talk about some common ways to implement python sockets, such as raw sockets for a normal client / server model, fuzzing HTTP requests, and maybe a bit more if I don't get lazy half-way.  In part two I will apply
Read more

02x01 - How to maybe not be as bad at fuzzing unknown binary protocols as you were before reading this

Image
Disclaimer:   I wrote this post a while ago, and definitely before I had enough knowledge to really share accurately.  Feel free to read on, but there's probably a lot of bad info in this. You're bad at fuzzing unknown binary protocols, huh? Yeah, well, me too.  In fact, I've only done it once, and I had an RFC to look at, so I guess it technically wasn't an 'unknown' protocol... and it was mostly a walkthrough. So, we'll go start to finish on this in a few posts, maybe. Pre-Requisites: Familiarity with debuggers, i.e. OllyDBG Immunity Familiarity with: Fuzzers (SPIKE, boofuzz, sulley, etc) scapy Python Wireshark Assembly (sorta) Stack Based Buffer Overflows SEH Exploits Virtual Machines Attacker  Kali? Windows? Whatever floats your boat. Victim x 2 Windows 7+ Note:  If you're using windows as the attacking machine, you don't need two victim machines. That's probably it? Okay, so this post is a work in pr
Read more