Why are all Split-Tunnel VPN diagrams so ugly?

Posted on Thu 21 May 2020 in Security • Tagged with Security, Tech

Right.

Today I needed to find a diagram of the traffic flow for a split-tunnel VPN. Nothing fancy, just a real simple user-facing diagram to form part of an article.

And friends, there was nothing. Nothing at all. I found proper technical ones from Cisco Meraki; fancy Office365 ones, depicting an ExpressRoute to O365 and tunnelling everything else through the VPN; and another Office365 tunnel with ExpressRoute and a split-tunnel for the rest of the traffic.

Pretty much the closest I came to my needs was this atrocity, via http …



RingZer0team CTF - Challenges 86, 87, and 88

Posted on Thu 13 July 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 86 ("1/3 Do not waste the environment", under the Forensic Challenges) is one of a series of challenges where you need to dig through some provided data to find the flag.

I started by downloading the 'forensic bundle', which was just …



Staying Secure in Business

Posted on Wed 28 June 2017 in Security • Tagged with Security, Tech

A friend asked a question today on Facebook. I started writing a reply, and it turned into a 700-word essay. Hate it when that happens...

The question was:

"If large multi-international companies are getting hacked in Europe who have millions if not billions of $$ and capacity to protect their IT systems - how can small/micro businesses protect their IT platforms and systems?"

Firstly - nobody is safe from an APT ("Advanced Persistent Threat"). The recent NotPetya outbreak was an APT - malicious actors hacked a Ukrainian firm that produced accounting software, and …



RingZer0team CTF - Challenge 44

Posted on Sat 24 June 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 56 ("Hey Chuck where is the flag?", under the Forensic Challenges) started by only offering a .pcap file. I downloaded Wireshark and had a quick dig. The packet capture consisted of a brief browse of a "Chuck Norris Facts" website.

After quickly …



RingZer0team CTF - Challenge 65

Posted on Sat 24 June 2017 in Security • Tagged with Security, Tech, RingZer0Team

This is a continuation of my series on RingZer0Team.com.

Challenge 65 ("Hide my ass in my home", under the Forensic challenges) is a nice quick little forensic challenge. You get to download a .tar file, and do a bit of digging to uncover the flag.

This was a nice easy few minutes. After downloading the archive, I discovered a few files inside - including a particularly groovy electronica swing track, which I'm listening to again right now. Yeaaaaahhhhh.

Apart from a groovy mp3, the archive contains some dot-files such as …



RingZer0team CTF - Linux Sysadmin challenges

Posted on Sun 28 May 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

The Sysadmin Linux series of challenges is where you're trying to breach the security of a Linux system. I actually finished most of these last year, but I wanted to finish my last two. Of course, to get to the last two stages …



RingZer0team CTF - Challenge 148

Posted on Sat 27 May 2017 in Security • Tagged with Security, Tech, RingZer0Team, Python

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 148 ("Sysadmin Linux Level 2") is one of a series of challenges where you're trying to breach the security of a Linux system. I actually finished most of these last year, but I wanted to finish my last two. Of course, to …



RingZer0team CTF - Challenge 57

Posted on Fri 05 May 2017 in Security • Tagged with Security, Tech, RingZer0Team, Python

This is a continuation of my series on RingZer0Team.com.

Challenge 57 ("Hash Breaker Reloaded", under the Coding Challenges) is one of a series of challenges where you're simply presented with a hash - you need to return the plaintext value to the page within 3 seconds.

In contrast to Challenge 56, this challenge also includes a salt:

You have 3 seconds to break this hash
Send the answer back using https://ringzer0team.com/challenges/57/[clear_text]


----- BEGIN HASH -----
ab9507edbb2501b3c02e47c51af0178d68655980
----- END HASH -----

----- BEGIN SALT -----
c2ac9d8d004b4011d0864e76c7ebaaccfd18464bb8ff66bdbf19a703eb95a944
----- END SALT -----

The hash looks like …



RingZer0team CTF - Challenge 56

Posted on Tue 02 May 2017 in Security • Tagged with Security, Tech, RingZer0Team, Python

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 56 ("Hash Breaker", under the Coding Challenges) is one of a series of challenges where you're simply presented with a hash - you need to return the plaintext value to the page within 3 seconds.

Of course, this is impossible to do manually …

