PHP Malware Examination Part 2 - 2018-11-27 21:56:04

Presented by Tim Follow me on Twitter Following on from the malware, I investigated earlier in the month, my friend gave me further files to continue working out what was the function of the malware. See part 1 here.. All analysis was performed on a virtual machine and only details which could have identified the victim have been removed. What I was given The first think he pointed out was that there was over 50MB of the infection.

PHP Malware Examination - 2018-11-07 21:56:04

Presented by Tim Follow me on Twitter Update - Part 2 I was asked earlier this week by a friend to have a look at some malware, which had been uncovered on a compromised computer. I didn’t ask where it had came from, or indeed the host environmnet. Having programmed in PHP since university and malware analysis is kind of a hobby, I thought I would give it a go.

OWASP CTF Prep - Crypto Challenge - 2018-10-20 00:00:00

Presented by Paul Follow me on Twitter Useful Pages for the crypto challenges Dcode is a really cool website with lots of different tools to help with decoding of various cryptography CyberChef Cyberchef is a tool that you can use to encode and decode things into all sorts of different formats, it’s a really great tool you should check it out! There also seems to be a Twitter account that will post more clues

OWASP CTF Prep - 2018-10-18 13:07:40

Presented by Tim Follow me on Twitter Soon …

Bob Vulnhub Vm Writeup - 2018-05-30 22:50:00

Presented by Paul w Follow me on Twitter Introduction Tonight I thought I’d have a go at a box on VulnHub the box I picked was a fairly recent one as I wanted to ease myself back into doing some CTFs - I’ve been a bit busy doing other things recently - anyway I chose the box Bob:1.0.1 it sounded fairly simple: “Your Goal is to get the flag in / Hints: Remember to look for hidden info/files”

AES decode with Cyberchef - 2018-03-20 23:50:00

Presented by Tim Follow me on Twitter Introduction This is a follow up article to Paul W’s write-up about m1con’s mobile ctf. In the article, Paul mentioned Cyberchef, and it was a quick way of solving the challenge. Since Cyberchef wasn’t covered, and may provide a quicker solution for future ctf challenges, I decided to describe it here. What is CyberChef? CyberChef was developed by GCHQ to quickly perform certain operations on inputs.

M1Con CTF Write up - 2018-03-20 23:50:00

Presented by Paul w Follow me on Twitter Introduction Last night I went to the meetup group “M1 Con” hosted by Digital Interruption and Outsource UK Ltd. Jay Harris gave a talk about mobile security - it wasn’t super technical, but it highlighted the fact that clearly security is still a bit of an after thought especially when it comes to mobile development - he cited examples of issues that crop up in mobile devices that were fixed in web apps (XSS vulnerabilities for example) long ago.

My Weird Path to Infosec - 2018-03-09 21:42:40

Written by Tim My “Weird” Path to Infosec This article was inspired in part by the growing number of people tweeting about thier infosec Journeys. As mine is a little long, I though I would blog about it, rather than tweet. It is well established that I am reasonably old. Not massively old, just reasonably. Apparently, I am a member of a generation which is called the Xennials. I had an analogue childhood and now live in a digital time.

Eavesdropping on WiFi Baby Monitor - 2018-02-25 00:00:00

Written by Rob Whilst analysing a number of free communication based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite (the free version of WiFi Baby Monitor). Although the premium version offered users the ability to specify a password to be used in the pairing process, the free version offered no such function. Monitoring the traffic using Wireshark during the pairing process revealed:

Disclosure Woes: Dealing With Non-Techies - 2018-02-02 00:00:00

Written by Rob What I Am Writing About Unlike most things I publish, this isn’t going to focus on how I came to find a vulnerability, but rather the problems I had trying to disclose it, and things that I could have approached better, in the hope it may help other people in the future if faced with being a small fish in a big pond which is trying to approach a larger organisation, who have few technical staff.