RingZer0team CTF - Challenges 86, 87, and 88

Posted on Thu 13 July 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 86 ("1/3 Do not waste the environment", under the Forensic Challenges) is one of a series of challenges where you need to dig through some provided data to find the flag.

I started by downloading the 'forensic bundle', which was just …



Staying Secure in Business

Posted on Wed 28 June 2017 in Security • Tagged with Security, Tech

A friend asked a question today on Facebook. I started writing a reply, and it turned into a 700-word essay. Hate it when that happens...

The question was:

"If large multi-international companies are getting hacked in Europe who have millions if not billions of $$ and capacity to protect their IT systems - how can small/micro businesses protect their IT platforms and systems?"

Firstly - nobody is safe from an APT ("Advanced Persistent Threat"). The recent NotPetya outbreak was an APT - malicious actors hacked a Ukrainian firm that produced accounting software, and …



RingZer0team CTF - Challenge 44

Posted on Sat 24 June 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 56 ("Hey Chuck where is the flag?", under the Forensic Challenges) started by only offering a .pcap file. I downloaded Wireshark and had a quick dig. The packet capture consisted of a brief browse of a "Chuck Norris Facts" website.

After quickly …



RingZer0team CTF - Challenge 65

Posted on Sat 24 June 2017 in Security • Tagged with Security, Tech, RingZer0Team

This is a continuation of my series on RingZer0Team.com.

Challenge 65 ("Hide my ass in my home", under the Forensic challenges) is a nice quick little forensic challenge. You get to download a .tar file, and do a bit of digging to uncover the flag.

This was a nice easy few minutes. After downloading the archive, I discovered a few files inside - including a particularly groovy electronica swing track, which I'm listening to again right now. Yeaaaaahhhhh.

Apart from a groovy mp3, the archive contains some dot-files such as …



Wireguard - Part Three (Troubleshooting)

Posted on Mon 12 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is part of my brief series on Wireguard. I'm pretty enamoured with Wireguard and the way it works, but there were a couple slightly curly bits that I needed to get my head around. This troubleshooting guide is a rough dump of the issues I had, and how I fixed them.

Gotten Stuck?

At this stage, there are actually a few ways that this can go wrong, even though we haven't done much. Think through all the bits:

  • Installed Wireguard at both ends
  • Set up your NAT rule on …


Wireguard - Part Two (VPN routing)

Posted on Sun 11 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is a continuation of my brief series on the new Wireguard VPN. Part One was about the simple building-blocks to get Wireguard working between two endpoints. Now that we've got a couple machines able to ping each other by IP address, we can carry on a bit deeper into the inter-LAN routing stuff.

Extending on from the IP addresses in Part One, instead of JUST connecting to the remote machine, I want to actually have access to everything on the whole 10.20.0.0/16 network; even the …



Wireguard - Part One (Installation)

Posted on Sat 03 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

Wireguard is the most excellent VPN stack around. It's really fast, the concept of Cryptokey Routing is awesome, and I love the speed and simplicity benefits that come from opinionated cryptography. The protocol is so simple - expressed in a mere 4k lines of code - that it's auditable by anyone.

But.

With my initial naive approach, I found myself using HTTPS, over ports forwarded over SSH tunnels, connected over Wireguard. Although it was straightforward to get Wireguard working between two endpoints, I ended up in nested-crypto hell.

So, this brief series …



Pan-fried Spicy Miso Chicken

Posted on Mon 29 May 2017 in Food • Tagged with Recipes, Food

Jeez I just discovered I've only posted a single recipe on this. Time to change that.

Chicken for dinner tonight. I was feeling a little adventurous, and definitely wanted some miso involved, but also felt like cayenne pepper and shallow-fried chicken strips. Here's the result! This went really well on a base of bulgur wheat, and with a side of stir fried veggies.

Ingredients

  • Two chicken breasts, skinless
  • 2 tsp miso paste
  • 2/3 cup plain flour
  • 2 tsp celery salt
  • 1 1/2 tsp onion powder
  • 2 tsp smoked …


RingZer0team CTF - Linux Sysadmin challenges

Posted on Sun 28 May 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

The Sysadmin Linux series of challenges is where you're trying to breach the security of a Linux system. I actually finished most of these last year, but I wanted to finish my last two. Of course, to get to the last two stages …



RingZer0team CTF - Challenge 148

Posted on Sat 27 May 2017 in Security • Tagged with Security, Tech, RingZer0Team, Python

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 148 ("Sysadmin Linux Level 2") is one of a series of challenges where you're trying to breach the security of a Linux system. I actually finished most of these last year, but I wanted to finish my last two. Of course, to …

