Creating and uploading a Python project to Github

Having recently attended BSides London 2018 I’ve become more conscious of where my skills fall short and more determined to increase them. An area I’m particularly determined to improve is my programming skills. One of the subjects I did at A-Level was computing where I we were tasked with creating a program in Pascal. Pascal…

Analysing BadStore – Ways To Exploit It

BadStore is a popular application for demonstrating possible vulnerabilities that may occur in web applications. Bad Store is packaged as part of a disk image available from VulnHub and can be run within the Hypervisor of your choice (I use VirtualBox). Recently I was shown it by someone and thought I’d write a small walkthrough…

Hack the Box – Bashed User Own

Bashed Header Image

For quite sometime now I’ve been wanting to publish the write-up to my first successful hack on Hack the Box but as part of their terms of service you aren’t allowed to publish your write-up until that machine has been retired. Now that the Bashed machine has been retired I finally can. If you haven’t already I’d…

The CCleaner Supply Chain Attack

Third Party Software Header Image

This week Avast disclosed exactly how its CCleaner software was compromised in September last year. Avast found that the attackers logged into a TeamViewer remote desktop account on a Piriform developers computer (Piriform being the company that created CCleaner that was acquired by Avast shortly before the disclosure). With access to the remote desktop account the…

Cracking WEP Encryption

WEP Decryption Header

Recently I was tasked with cracking the WEP Encryption of a sample capture generated using Wireshark. With a sample capture provided this didn’t take long and thought I’d do a quick tutorial on how I did it. NOTE: A warning is usually appended to any article concerning the capture of packets on a network and…

The Problem with Updates

Software Update Header Image

I’ve come across a number of people recently who have installed a piece of malicious software called Snake that disguises itself as an Adobe Flash installer. This isn’t the first piece of trojan software that has affected the Mac and from memory can remember malicious software being packaged with Apple’s iWork and Xcode software previously. What…

Is Nowhere Safe from Cryptomining?

Monero Logo

Not a week goes by without something else being infected with some form of crypto-currency mining software recently; in December one of Starbucks’ Buenos Aires locations was identified as hijacking customer computers to mine Monero when they connected to in-store WiFi; and YouTube recently remedied a vulnerability that would allow crypto mining scripts to be…