Posted on mar. 14 janvier 2020 in Write-up
On the twelfth day of Christmas, my true love gave to me:
Twelve Phishers phishing
Eleven Shells a-popping
Ten Passwords spraying
Nine Splunks a-splunking
Eight Machines learning
Seven Metasploit scanning
Six Blue Teamers crying
Five Golden Tickets
Four Domain Hashes
Three Malicious Macros
Two LAN Turtles
and a Pwnage in …
Continue readingPosted on lun. 14 janvier 2019 in Write-up
🎵 I'm dreaming of a pwned Christmaaaaas 🎵 As usual, here's my write-up for the 2018 SANS Christmas Challenge.
Table of contents
Posted on mer. 10 janvier 2018 in Write-up
'Tis the season to be pwning, falalalala lalalala. As usual, here's my write-up for the 2017 SANS Christmas Challenge.
Table of contents
Posted on mar. 28 mars 2017 in Bug bounty
I don't do bug bounties due to a lack of time. Although I have a HackerOne profile, you can see that I'm not so active. However, a coworker of mine spends quite some time on different bug bounty programs.
On 2017-02-06 evening, when we were both connected to our work …
Continue readingPosted on jeu. 05 janvier 2017 in Write-up
This blog is beginning to look a lot like being exclusively about SANS Christmas Challenges write-ups. What can I say, they're so good! Anyway, let's roll for the 2016 edition of this marvelous Christmas Challenge.
Everything starts again with the Dosis children. As they're reminiscing on last year's Christmas, they …
Continue readingPosted on sam. 09 janvier 2016 in Write-up
This year again, the SANS institute delights us with a wonderful Christmas Challenge.
We follow the Dosis family, after they purchase a Gnome in Your Home for their kids, Jessica and Joshua. These two kids, especially bright for their age, tinker with the gnome, to find that it has a …
Continue readingPosted on dim. 03 février 2013 in Cryptography
NB: I know that implementing cryptographic algorithms yourself is dangerous. There are many implementation problems people won't think about, like memory management. I just wanted to talk about the CipherSaber because I think it's an old, yet neat project. I think it's important to sensitize people about cryptography and the …
Continue readingPosted on lun. 07 janvier 2013 in Write-up
During December, SANS posted a Christmas challenge based on a Christmas story.
This year, Santa is sad because he feels that nobody believes in him anymore, so he decides to cancel Christmas. Mrs. Claus wants to cheer her husband up, in order not to let children down, but her reindeer …
Continue readingPosted on sam. 15 décembre 2012 in Write-up
You can find the code for this level here.
(sha256:
d211aa240a0a59eb1f56d3c42a55080d0e27eea2c04bc4410bf608824c847c96)
This is it. The final level to the Stripe CTF. The goal here is to retrieve a 12-digit password, which is too long to brute force. Let's see how we can use the protocol to our advantage.
The infrastructure …
Continue readingPosted on dim. 09 décembre 2012 in Write-up
You can find the code for this level here.
(sha256:
d497f25a620a2ad5e3850bf642cfc1df988e32b612d06f48fffa271912726e86)
This level is the most delicious of all: you can order waffles online, and the company will have them delivered to the location you specified. There are seven types of waffle: veritaffle, belgian, brussels, eggo, chicken (premium), dream (premium …
Continue reading