Following the Africahackon Conference 2015 the OWASP Mth3l3m3nt Framework was used in the CTF solution to make it easier, faster and more efficient to manage the attack. The main modules used in this are: Generic Request Maker Shell Generator Web Herd (HTTP Bot)
It’s Finally out there the OWASP Mth3l3m3nt Framework . It’s a small tool to aid you in carrying out your pentest tasks with as little resources as possible. Most of us can afford the simple shared hosting services but not a powerful enough VPS to run pentest distros especially due to cost constraints. This one […]
This is a followup article to the previous one. So say the machine has an antivirus that’s not so smart, well you can attempt to kill it. We will make a function that will utilize windows management to load processes and find a specific one based on the antivirus or protection program. Now since […]
Today we are going to put the theory to the test and make a simple and non intelligent virus based on our article here. We will be using visual basic 6. You can get a portable copy here. A little recap was we said a typical malware form consists of 3 parts. A replicator A […]
What’s in a lab that which we call malware, by any other name would still be as malicious. Incase you missed the article on malware introduction you can find it here. I made a small application that will emulate some of the attacks by the viruses in a slightly controlled manner just to give you […]
This is based on the Noob CTF Labs. Level One is here. Answer: infosec_flagis_welcome The hint is ” may the source be with you” therefore press ctrl+u on the browser and view the source. notice there is a HTML Comment at the top of the page. <!– infosec_flagis_welcome –>
This is based on the infosec Institute Noob CTF http://ctf.infosecinstitute.com/. In Level 2. Answer: infosec_flagis_wearejuststarting Step one : The Image is broken but exists in the image folder. so we download it. first thing is identify if it is indeed an image. We can use filealyzer for this. Now in the Hex tab we see […]
It has become a trend with the 4 phase phish : Identify a target Attack the site Upload phishing page Email and Harvest Well from the previous post we identified some flaws in the phishing attack but that’s 2014. It gets worse when phishers become this uncreative. The uncreativity was an attempt in one of […]
So the Phish Still Lives. I’d like to call it a 419 but this seems closer home reason being , choice of name : MakOtieno Stephen <abbastephen13@gmail.com> How it was all meant to go down: Send the E-mail Get me to read and open an attachment that tells me to login to Gmail to read […]
This is a simple discussion based on the demo done at Barcamp 2014.This writeup is based on the problems faced in the implementation of a majority of the cloud based systems especially those offered as SaaS. Some of the issues highlighted here are: Session Management Failures Poor Coding Practices (Non Secure SDLC) Failed Business Continuity […]