How To Handle (Linux) Malware Safely: A Speedrun

*I WILL NOT BE RESPONSIBLE FOR ANY INFECTION YOU MIGHT CAUSE* To handle malware safely requires some understanding of operating systems. This is because, after all, it is your OS that you do not want infected. Buuuut, that being said, you can go about it with minimal understanding and a…

Writing a Windows WDM driver

Windows Driver Model is an ancient framework for writing drivers introduced in Windows 98. Despite this, it is still available on the newest versions of Windows and probably will be for a long time, as many drivers are still today written with WDM.…

Hackerakademiet CTF Crypto (Low exponent RSA)

This is a post about the crypto challenge embedded in the promo video for Hackerakademiet. The video contains a couple of frames showing parts of the challenge. The frames show three identically formatted texts, each containing a public key for a team and a ciphertext. The three…

Hackerakademiet's CTF

This is part of my writeups for Hackerakademiet's CTF. This year FE is once again running a CTF as marketing for their programme. As always, this CTF is right up my alley, with lots of reversing and interesting challenges. This year is no exception, as they have developed…

PwnThyBytes TTM Writeup (TimeTravelDebugging)

Two files are given, TTM.py and TTM.run, along with a hint to Time Travel Debugging (TTD). The contents of TTM.py are: from Crypto.Cipher import AES from Crypto.Util import Counter from os import urandom with open("secret_key", "rb") as key_file_fd: KEY = key_file_…

VirusTotal - URI parsing errors

During my work, I stumbled across a phishing mail. Clearly malicious: bad grammar, weird link, etc. The link was to a PDF document hosted somewhere, with a link that then pointed to a URI that looked a little strange. More specifically, it had HTML-encoded characters in the URI, but…

ExamCookie – UAC bypass

ExamCookie is a Danish surveillance program for monitoring computers during examinations. More than anything, the program resembles spyware, and it comes with a range of features one would often see in spyware: screenshots, a keylogger, process logging, clipboard logging, and monitoring of network traffic. These are used during the exam; there is also a number of…

Root on SAGEMCOMF@st 3890

Default login and command injection. Some months ago I reported a vulnerability in a TDC/Yousee router I was looking at. The vulnerability is in two parts and made it trivial to get root on the router. It has now been so long, and I have received several updates for the router since,…