Category: Ethical(?) Hacking

HackerOne

So, a lot has happened over the last year which has kept me off social media and much of it I don’t really want to talk about. Needless to say life has changed a lot – for the better 🙂 One of the interesting things that happened is I’ve had some time to get into the HackerOne program and get… Read more →

Go Update your PHP based servers NOW

Got the following advisory in my email today. For the TL;DR crowd: Multiple critical bugs in PHP 5 and 7 that may enable remote code execution and/or denial of service. For everyone else that wants the details: OVERVIEW: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP… Read more →

Holiday Hack Challenge: Update #10 (Edited)

With the submissions now closed, I present my write-up for the SANS 2016 Holiday Hack Challenge! SANS 2016 Holiday Hack Submission (23 MB) Also if you missed the last post, here’s the video walk-through of the RPG portion. SANS 2016 Holiday Hack RPG Walkthrough (YouTube) And last but not least, my GitHub repo. SANS 2016 Holiday Hack Challenge Code Repo I’ve… Read more →

Holiday Hack Challenge: Update #9

Well, today I submitted my final documentation. In all I have 64 pages of documentation describing how to access all the systems. I had thought about trying a few extra things today, perhaps to add in a few bonus hacks, but some of the servers have been knocked offline – making the challenges inaccessible to those trying to finish up… Read more →

Holiday Hack Challenge: Update #7

HAPPY NEW YEAR! So, it hasn’t gone completely as I had hoped so far, but with six of the seven audio files I was able to do a little research and discover the password for the final corridor. All that remains is one coin and the final audio file which I’m already on the verge of recovering. Read more →

Holiday Hack Challenge: Update #6.5

After finishing the debug/development server a couple of hours ago I thought I’d go to sleep and get some rest. Instead, I took a short break, composed myself, and went head first into the exception server. It should go without saying that if I’m blogging about it, I must have been successful. Indeed, I was. This server was indeed… Read more →