
CloneZilla from Large Disk to a Smaller Disk (C:\ or Operating System disk)

If you search for a method to clone a large disk (with smaller partitions) onto a smaller disk using CloneZilla, you will be directed to commercial tools' pages explaining the steps in detail. However, I recently had to do this and it took me 4 attempts to get it right.

It’s almost impossible for CloneZilla to clone a large disk onto a smaller disk without issues. So here is my guide, and hopefully it will save you time:

  1. Shrink the large disk partitions into a smaller one: for this you will need MiniTool partition manager to make sure you shrink the system to the minimum you can make it. It’s important that the sum of all partitions can still fit into the smaller (target) disk. You can download the tool (it’s free to use) from here: https://www.minitool.com/partition-manager/

How to execute a large scope nmap scan efficiently and effectively

If you follow me on Twitter @xxByte you must have seen the tweets about scanning a large scope of IPs and how I approached that.

The goal: To scan all TCP ports (0-65536) of ~800 IPs spread across Europe and detect any low hanging fruits using automated tools or manual assessment in the most efficient way with the least resources needed.

The approach:

Let’s first do some math. Scanning 65536 TCP ports on 800 IPs means:
65536 x 800 = 52428800. That’s 52428800 SYN packets out, each waiting for a SYN-ACK reply packet, in total.

To meet the rest of the project requirements we need to scan each open port with a deeper script scan and version detection scan, which means even more packets.

At such scale we cannot afford to script scan blindly all TCP ports...


decoding an incomplete QRCode – Intigriti Hacking Challenge at bruCON

This year I was at bruCON in Ghent, BE. I usually either go to interesting talks or spend the conferences in challenges, just like I did at Defcon back in 2017.

So during bruCON I stumbled upon this challenge with a QR code that says “first one to scan this gets 100€”; in my head I thought pff this is easy and I will probably not be the first one to scan this. So I popped out my phone and scanned. Nothing happened. Then I was like oh wait .. a huge piece of this QR code is missing.

So the first thing I thought of was to mark the squares randomly because I thought they must be redundant or error correction squares. Remember at this point I know nothing about QR codes...


Dual boot *Encrypted* Kali 2019 with Windows 10 in peace.

If you work in security and don’t encrypt your drives, maybe you should consider something else 😉

I recently was trying to make peace with Windows 10 co-living with Kali 2019 and it was a really painful process. Each time I got one side working the other side was complaining.

Eventually it boils down to this:

1- Install Windows 10 fully (including setting up a user, and password, etc.). Failing to do so will corrupt the encrypted partition of Kali

2- Install Kali until you reach the step to partition the disk. Choose “Manual”

3- now create 3 partitions:
– one is for /boot (~256mb)
– one for swap area (8-10gb)
– the rest is for the root mount /

4- now go to “Encrypt partition” and click “Yes” for writing the current partitions

5- now choose wherever you have swap and root...


Implementation of atoi()

A while ago I had an interesting interview question with a big tech company. The question was straightforward: Implement atoi() to convert a string to int.

Some restrictions apply:

The function first discards as many whitespace characters as necessary until the first non-whitespace character is found. Then, starting from this character, takes an optional initial plus or minus sign followed by as many numerical digits as possible, and interprets them as a numerical value.

The string can contain additional characters after those that form the integral number, which are ignored and have no effect on the behavior of this function.

If the first sequence of non-whitespace characters in str is not a valid integral number, or if no such sequence exists because either str is empty or ...


Reverse Linked List in time O(n) & space O(1)

I’m not a dev but I do enjoy a coding challenge. In this blog post I will explain how to reverse a singly linked list.

The data structure looks like this:

A simple piece of code to implement a singly linked list is:

struct ListNode {
    int val;
    ListNode *next;
    ListNode(int x) : val(x), next(NULL) {}
};

To reverse the list we need two pointers: a previous pointer (prev) and a current one pointing to the current node we’re checking (curr). While exchanging pointers we will also need a temporary pointer to hold the next pointer so we don’t lose track of our linked list during the reversing process.

input: 1-2-3-4
output: 4-3-2-1

Needless to say you need to check for extreme cases such as an empty list, or a 1 element list.

Here is my code:

class Sol...

Retrieve cached version of website you visited on chrome Mac OS / Windows

When doing forensics, sometimes it is very important to retrieve the exact version of the web page visited to see the contents at the time of visit.

Recently I had a similar task but I couldn’t find any tool for Mac OS, so I decided to ask on Twitter; however, most of the answers I got were focused on Windows.

After some trial and error with Python open source tools and other paid software I found the perfect solution.

If you want to do the same you can simply copy the cached files from Mac OS and use a freeware tool from NirSoft called: ChromeCacheView

The cached files on Mac should be in ~/Library/Google/Chrome/Cache; also consider other non-primary locations such as:
~/Library/Application Support/Google/Chrome and
~/Library/Application Support/Google/Chrome/Default/App...


How to get Snort running under Windows


Getting Snort to work under Windows is a pain in the ass, so I wrote a quick guide on how I got it working and shared some config files which will save you hours of work.

All can be accessed under my github page: https://github.com/AddaxSoft/snort-windows/

Enjoy


Offensive Security Advanced Windows Exploitation (AWE / OSEE) Review

Modern Warfare Students vs Trainers 0x2

The reason why I’m writing this post is the lack of reviews I found online about the AWE course offered by Offensive Security. If you look up OSCP or OSCE there are plenty, but not so much for OSEE/AWE. If there is something I learned from hacking cons it is that you can contribute to the infosec world by creating any kind of helpful material for other people (refer to the hacker manifesto); hence I decided to contribute to the infosec world in my own way too.

A little background:
To be honest it took me quite some energy and time to even get into this course due to its high demand and lack of availability. Fast forward, I was sitting with almost 30 other students at Black Hat 2018, fronted by the OffSec staff to teach us some exploitation black magic; and oh boy was it black magic…

the 4...


Automation: Block ssh brute force attacks with iptables

1. create an iptables.rules file in /etc/
