My OSCP Review

My OSCP Review

In this blog post I'll write about my experience taking the OSCP certification as well as some recommendations for people wanting to take the exam.I got access to the OSCP lab network 2019-09-09 and lost access 2019-12-08. As you can see I chose 90 days of lab time. The number one thing I read in all the OSCP reviews out there was that do not underestimate the amount of time it takes to be successful in the lab network.

6 min read |
SEC-T CTF - G1bs0n Writeup

SEC-T CTF - G1bs0n Writeup

G1bs0n - misc 300 @mjdubell - ChalmersCTF Agent Gill called, we have until tomorrow at 15:00 UTC to fix some virus problem. File: G1bs0n.tar.gz Download: https://github.com/ymgve/ctf-writeups/blob/master/sect2017/misc300-g1bs0n/gibson.zip Even though I followed too many rabbit holes, this was a fun challenge to work on. In order to solve this challenge, you would need some basic understanding on how to analyze memory dumps. I solved this challenge with volatility which

3 min read |
UIUCTF - Are we out of the woods yet? Reversing 350p

UIUCTF - Are we out of the woods yet? Reversing 350p

It looks like this python script was run through a custom packer. It's just Python*, which means it must be easy to reverse, right? *v3.6.1:69c0db5 https://www.youtube.com/watch?v=y8qQsXpcZXA This was fun little challenge that our team (https://chalmersctf.se) solved together. You are presented with the file packed.py that contains the following code: import marshal, zlib, base64, itertools def xor_strings(_left, _k): out = b'' for l, r in zip(_left, itertools.

5 min read |

VolgaCTF - Bloody Feedback writeup

Bloody Feedback Send your feedback at bloody-feedback.quals.2017.volgactf.ru DO. NOT. USE. SQLMAP Otherwise your IP will be banned The challenge basically has two functions, 1) Send feedback and 2) view the status of the sent feedback. There is also page that cotains "Top Messages" which is the feedback people send in. When you send feedback you get a token back which you can use to see if the feedback has been processed or not. I

3 min read |

VolgaCTF - Share Point writeup

Share Point Look! I wrote a good service for sharing your files with your friends, enjoy) share-point.quals.2017.volgactf.ru The challenge begun by signing in to the control panel by simply entering random account details. Once logged in you had the ability to upload files and share them with an other user. Since the site only had one functionality, uploading files, I assumed the goal had to be to upload a web shell and find the flag on

2 min read |
Page 1 of 4 Older