Trollcave is a vulnerable VM, in the tradition of Vulnhub and infosec wargames in general. You start with a virtual machine which you know nothing about – no usernames, no passwords, just what you can see on the network. In this instance, you’ll see a simple community blogging website with a bunch of users. FromContinue reading “Trollcave 1.2 – walkthrough”
Category Archives: Security
Notes on making CTF games
Some time ago I wrote a post named “unofficial guide to creating CTF VMs“. Since then I have been approached by random people, students I mentor and colleagues asking how to make that virtual machine vulnerable. Well, I never intended that post to reveal that. It was simply left as an exercise to the readers. Today IContinue reading “Notes on making CTF games”
Wallaby’s Nightmare – Walkthrough
This segment of my Vulnhub series covers my walkthrough for the “Wallaby’s Nightmare (v1.0.2)” game. Finding Host and uncover services As always, I began finding the address of the game: Command sudo nmap -sn 192.168.110.0/24 In my case, target got assigned IP address 192.168.110.11. Then moved on uncovering services: Command sudo nmap -p1-65535 -A -T4Continue reading “Wallaby’s Nightmare – Walkthrough”
Proactive vulnerability scanning
Today I am demonstration how to proactively work with the results from a vulnerability scanner to secure a server. I will set up a vulnerability scanner to scan a server in my test lab in order to discover how it appears to attackers running similar tools. We will touch upon fixing low hanging fruitsContinue reading “Proactive vulnerability scanning”
Fuzzing – CTF primer
Fuzz testing or fuzzing is a technique commonly used in software testing to find how software responds to invalid, unexpected or random data. The targeted software may fail, give unexpected output or misbehave processing the randomized input data. Input that leads to such situations is then addressed and rectified. The term fuzz testing originates from aContinue reading “Fuzzing – CTF primer”
NoSQL prevalence
A database is an organized collection of data. It is the collection of schemas, tables, queries, reports, views and other objects. It’s also a framework for frustration.Trying to get a grip on data organized into a model of aspects in a way that supports processes requiring information, such as modelling the availability of rooms in motels in aContinue reading “NoSQL prevalence”
TAILS OS – privacy for anyone
Keeping your privacy is hard in our world of technology. Luckily there’s a solution available for free for you to stay undercover. Today I’ll be presenting Tails OS – maybe you’ve heard about it, maybe you haven’t. Tag along and maybe it’ll peak your interest! What is it? Tails is a live Linux system aimingContinue reading “TAILS OS – privacy for anyone”
SNMP – basic facts
SNMP stands for Simple Network Management Protocol and is a standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Typical devices include routers, switches, servers, workstations, printers and modem racks. This protocol exposes system configuration information in the form of variables on the managed devices. These variables can beContinue reading “SNMP – basic facts”
Breaches gone wild
Halfway past 2016 and news on breached data from social media sites has been hitting us constantly. Massive data dumps has been released into the wild, and they come with a hefty price tag for those willing to pay. Data from anything between small to big fat juicy players have been disclosed – and guess what? MostContinue reading “Breaches gone wild”
TFTP – Trivial File Transfer Protocol
TFTP was first defined in 1980 and with later revisions between 1981 and 1998. The name itself is an abbreviation of Trivial File Transfer Protocol. It operates like FTP, but is much simpler. It lacks login and access control mechanisms, it can only store and retrieve files, and it uses no transmission encryption. To make itContinue reading “TFTP – Trivial File Transfer Protocol”
reedphish 