Trollcave 1.2 – walkthrough

Trollcave is a vulnerable VM, in the tradition of Vulnhub and infosec wargames in general. You start with a virtual machine which you know nothing about – no usernames, no passwords, just what you can see on the network. In this instance, you’ll see a simple community blogging website with a bunch of users. From […]

Read More Trollcave 1.2 – walkthrough

Notes on making CTF games

Some time ago I wrote a post named “unofficial guide to creating CTF VMs“. Since then I have been approached by random people, students I mentor and colleagues asking how to make that virtual machine vulnerable. Well, I never intended that post to reveal that. It was simply left as an exercise to the readers. Today I […]

Read More Notes on making CTF games

Wallaby’s Nightmare – Walkthrough

This segment of my Vulnhub series covers my walkthrough for the “Wallaby’s Nightmare (v1.0.2)” game. Finding Host and uncover services As always, I began finding the address of the game: Command sudo nmap -sn 192.168.110.0/24 In my case, target got assigned IP address 192.168.110.11. Then moved on uncovering services: Command sudo nmap -p1-65535 -A -T4 […]

Read More Wallaby’s Nightmare – Walkthrough

Proactive vulnerability scanning

  Today I am demonstration how to proactively work with the results from a vulnerability scanner to secure a server. I will set up a vulnerability scanner to scan a server in my test lab in order to discover how it appears to attackers running similar tools. We will touch upon fixing low hanging fruits […]

Read More Proactive vulnerability scanning

Fuzzing – CTF primer

Fuzz testing or fuzzing is a technique commonly used in software testing to find how software responds to invalid, unexpected or random data. The targeted software may fail, give unexpected output or misbehave processing the randomized input data. Input that leads to such situations is then addressed and rectified. The term fuzz testing originates from a […]

Read More Fuzzing – CTF primer

NoSQL prevalence

A database is an organized collection of data. It is the collection of schemas, tables, queries, reports, views and other objects. It’s also a framework for frustration.Trying to get a grip on data organized into a model of aspects in a way that supports processes requiring information, such as modelling the availability of rooms in motels in a […]

Read More NoSQL prevalence

TAILS OS – privacy for anyone

Keeping your privacy is hard in our world of technology. Luckily there’s a solution available for free for you to stay undercover. Today I’ll be presenting Tails OS – maybe you’ve heard about it, maybe you haven’t. Tag along and maybe it’ll peak your interest! What is it? Tails is a live Linux system aiming […]

Read More TAILS OS – privacy for anyone

SNMP – basic facts

SNMP stands for Simple Network Management Protocol and is a standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Typical devices include routers, switches, servers, workstations, printers and modem racks. This protocol exposes system configuration information in the form of variables on the managed devices. These variables can be […]

Read More SNMP – basic facts

Breaches gone wild

Halfway past 2016 and news on breached data from social media sites has been hitting us constantly. Massive data dumps has been released into the wild, and they come with a hefty price tag for those willing to pay. Data from anything between small to big fat juicy players have been disclosed – and guess what? Most […]

Read More Breaches gone wild