Articles

Affichage des articles du décembre, 2024
Image
  Sherlock Santa Krampus :  OpTinselTrace24-1: Sneaky Cookies                               I-  Scenario     QUESTION 1: Krampus, a notorious threat actor, possibly social-engineered bingle as email security filters were offline for maintenance. Find any suspicious files under Bingle Jollybeard User directory and get back to us with the full file name explanation: After succesfully unzip the downloaded file , make a tree on it and look for any suspicious coming from Bingle \Jollybeard   user           Answer : QUESTION 2: Using the malicious file sent as part of phishing, the attacker abused a legitimate binary to download and execute a C&C stager. What is the full command used to download and execute the C&C Binary?   explanation : Ok , Inside of the directory where the shorcut file is located , use " lnkinfo"...
Enregistrer un commentaire
Read more »
Image
  Day 18 - ADVENT OF CYBER 2024 TRYHACKME : I could use a little AI interaction! Storyline Hyped with their latest release, a "health checker" service that tracks the health and uptime of the Wareville systems, the Wareville developers envisage the day in which the inhabitants of Wareville have a one-stop shop for seeking the answers to life's mysteries and aiding them in their day-to-day jobs. As an initial first stage, the Wareville developers create an alpha version of WareWise - Wareville's intelligent assistant. Aware of the potential dangers of intelligent AI being interacted with, the developers decided to slowly roll out the chatbot and its features. The IT department is the first to get hands-on with WareWise. For the IT department, WareWise has been integrated with the "health checker" service, making it much easier for the IT department to query the status of their servers and workstations. Learning Objectives In today's task, ...
Enregistrer un commentaire
Read more »
Image
  Hi , everyone , today i'm going to show how to perform xxe exploitation for the story , XXE stands for "xml external entity" it's a kind of vulnerability of web system that takes advantage of a flow of data parsed and dispkayed onto xml related documents *How XML Works               xml have basic key concept like          1-entity and referencer in xml               The example above is what xml looks like , it something where datas are stored following a structure that we called entity , entity contains that tags that give more informations about the subject we face.          1-1 Document Type definition          Like in html concept , the use of document type     definition in xml is crucial for what we lead to .We     could think about it as set of rul...
Enregistrer un commentaire
Read more »