Hack the Box – Bashed User Own

For quite some time now I’ve been wanting to publish the write-up of my first successful hack on Hack the Box, but as part of their terms of service you aren’t allowed to publish your write-up until that machine has been retired. Now that the Bashed machine has been retired I finally can. If you haven’t already I’d…

The CCleaner Supply Chain Attack

This week Avast disclosed exactly how its CCleaner software was compromised in September last year. Avast found that the attackers logged into a TeamViewer remote desktop account on a Piriform developer’s computer (Piriform being the company that created CCleaner that was acquired by Avast shortly before the disclosure). With access to the remote desktop account the…

Cracking WEP Encryption

Recently I was tasked with cracking the WEP encryption of a sample capture generated using Wireshark. With a sample capture provided this didn’t take long, and I thought I’d do a quick tutorial on how I did it. NOTE: A warning is usually appended to any article concerning the capture of packets on a network and…

The Problem with Updates

I’ve come across a number of people recently who have installed a piece of malicious software called Snake that disguises itself as an Adobe Flash installer. This isn’t the first piece of trojan software that has affected the Mac, and from memory I can remember malicious software being packaged with Apple’s iWork and Xcode software previously. What…

Is Nowhere Safe from Cryptomining?

Not a week goes by without something else being infected with some form of crypto-currency mining software recently; in December one of Starbucks’ Buenos Aires locations was identified as hijacking customer computers to mine Monero when they connected to in-store WiFi; and YouTube recently remedied a vulnerability that would allow crypto mining scripts to be…

Reconstructing a Transmitted File

Finding a JPEG Signature within Hex Fiend

Previously I’ve blogged about taking initial steps using Wireshark to inspect data within a network to see what data might be leaking on a network. If there does happen to be unencrypted information being transmitted on a network you may want to see exactly what that data is in order to know how important the…