Category Blog

How to get Snort running under Windows


Getting snort to work under Windows is a pain in the ass, so I wrote a quick guide on how I got it working and shared some config files which will save you hours of work.

All can be accessed under my github page: https://github.com/AddaxSoft/snort-windows/

Enjoy

Read More

Offensive Security Advanced Windows Exploitation (AWE / OSEE) Review

Modern Warfare Students vs Trainers 0x2

the reason why I’m writing this post is due to the lack of reviews I found online about AWE course offered by offensive security. If you look up for OSCP or OSCE they are plenty but not so much for OSEE/AWE. If there is something I learned from hacking cons is that you can contribute to the infosec world by creating any kind of helpful material for other people (refer to the hacker manifesto); hence I decided to contribute to the infosec world in my own way too.

a little background:
To be honest it took me quite some energy and time to even get into this course due to its high demand and lack of availability. Fast forward I was sitting with almost other 30 students in Blackhat 2018 fronted by the offsec staff to teach us some exploitation black magic; and oh boy was it black magic…

the 4...

Read More

Automation: Block ssh brute force attacks with iptables

1. create an iptables.rules file in /etc/

Read More

quick writeup for Hacker0x1’s mini CTF: Capture The Flag: reversing the password

If you missed this one; please head to this link, and try it yourself before going to the solution.

Read More

automate a safe wordpress update through a cron job

I’m a great believer in automation; as one of my interviewers said to me once: If we do it twice; we automate it.
I adopted this style throughout my work; hence I wanted to show how would I upgrade/update the WordPress core and plugins using cron to keep all my blogs and sites secure and up to date with security patches.

1- get & install wp-cli (how/where)
2- write a script to use wp-cli to update WordPress [see attached code]

Read More

auto login to backtrack and startx in 2017

Wait; did I say BackTrack? Yes Backtrack is still a cool (outdated) distro for hacking!
If for some odd reasons you still need to use BackTrack in 2017 (hello? have you heard of Kali), I won’t judge you.
Maybe you’re doing your OSCE and need an image that is still in the course / labs

This post is meant to save you some time if you haven’t used BackTrack for a while and need to get some things done with it.

1. We want to change the root password

Read More

breaking out of a restricted shell – the offensive way

Recently I was working on one of the vulnhub vulnerable boxes and once I finally got a reverse shell it was a restricted one. What a bummer!
In this post I want to document how did I breakout of it in a simple way.

There many ways to break out of the restricted shell (aka /bin/rbash). One simple way for example is to use perl or python to call /bin/sh:

Perl/Python aren’t the only ways. You can STILL breakout if vim, vi, awk, gdb, more, less, etc. are allowed!

What I want to add here is a special case of a restricted bash, that’s when the rbash is called with an output redirection.
So might be able to use the earlier tricks to breakout but it’s no good as all the output is being r...

Read More

Fixing faulty temperature sensor in the MacBook (aka Ts0P)

back in the summer of 2016 I was eating an orange while working just to end up with a drop of orange liquid inside the keyboard of my beloved macbook.

I am very attached to this macbook since years, and this juice decided to ruin the worst possible key [SHIFT] in the mac, hence all I was able to write is capital letters, the booting won’t work because it MAC OS boots to safe-mode by default if the shift key is pressed on booting time. Even worse than this all was not able to login into my environments because the all my passwords were capitalized.

Back then I decided to override the [SHIFT] key using a software interupt, which worked greatly until I decided to replace the whole macbook keyboard. The process of replacing the keyboard wasn’t that complicated, what came next was 🙂

Upon bo...

Read More

Everyday Cryptography by Keith Martin

Note: This post is part of the “20p Everyday” project.

I was fortunate enough to attend one of the best information security schools in the world. Yes that’s Royal Holloway University of London after a long academic journey, ups and downs of course..
I was even more fortunate to have the author of this book, Keith Martin, as one of my professor back in RHUL.
He taught me “Crypto 1”. I enjoyed his lecture very much. It was one of the most interesting lecture at times.

Personally I had some ideas about cryptology (the correct term btw.) since my computer security course I took with Fadi Aloul at the American University of Sharjah (AUS). I had an idea about
what is a public key what is a private key, and what’s PGP (pretty good privacy), thanks to Taha Landolsi and his course “Networks II” at...

Read More

add HSTS to Apache

We mentioned before how did we switch to SSL since 2017.

I want to add here how to set HSTS to prevent a wellknown SSL attack called SSL-Strip.

  • What is SSL Strip?

You can watch the full talk to understand in details how this works here.
Basically the attacker is somehow (we don’t care how) a MITM setting in between the victim and the authentic server.
The attacker in this case can do a downgrade attack on SSL and transfer all HTTPs connection to the normal plain text HTTP connections.
Now the attack can simply sniff all data being communicated between the victim and the server.
The attacker is also free now to change the data and execute other attacks such as injecting malware into the traffic.

  • What is HSTS

HSTS or HTTP Strict Transport Security allows web servers to declare that web b...

Read More