<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>$HOME on nankeen</title><link>https://nankeen.me/</link><description>Recent content in $HOME on nankeen</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>© 2022 Kai</copyright><lastBuildDate>Tue, 03 Aug 2021 10:58:30 +0100</lastBuildDate><atom:link href="https://nankeen.me/index.xml" rel="self" type="application/rss+xml"/><item><title>Printer Hacking Part 1 - Dumping Firmware and Debugging</title><link>https://nankeen.me/post/printer-hacking-part1/</link><pubDate>Tue, 03 Aug 2021 10:58:30 +0100</pubDate><guid>https://nankeen.me/post/printer-hacking-part1/</guid><description>It&amp;rsquo;s summer! For me this meant another season in Edinburgh but with some sun. For some of those at university it meant moving back home or even graduating. Which is what I suppose happened when I saw some books and other belongings by the pavement with a sign saying they&amp;rsquo;re free while on a walk around Sciennes. Among those was an Epson Workforce WF-2630.
Context Now have you ever looked at something and immediately your mind goes: poggers.</description></item><item><title>pwnEd 2021 - Diary Pwn Challenge</title><link>https://nankeen.me/post/pwned-2021-diary/</link><pubDate>Fri, 12 Mar 2021 15:58:56 +0000</pubDate><guid>https://nankeen.me/post/pwned-2021-diary/</guid><description>pwnEd 2021 was the second iteration of the University of Edinburgh cyber security competition hosted by SIGINT from CompSoc. I&amp;rsquo;m a member of SIGINT and was the author of the diary pwn challenge, which was the only challenge without any solves throughout the CTF.
This post will attempt to describe how to solve this challenge in detail for those with less experience in heap exploitation.
Note: This challenge was modified from UnionCTF 2021&amp;rsquo;s notepad challenge, which I also wrote.</description></item><item><title>Google CTF Qualifiers 2020 - Root Power</title><link>https://nankeen.me/post/google-ctf-quals-2020-root-power/</link><pubDate>Tue, 25 Aug 2020 01:21:45 +0100</pubDate><guid>https://nankeen.me/post/google-ctf-quals-2020-root-power/</guid><description>A reverse engineering challenge I worked on for Google CTF Qualifiers 2020.
I played with cr0wn 🇬🇧, which came 16th and qualified for the next stage.
We were provided a virtual machine disk image and had to recover the root password.
Outline First look at disk image. Access the file system. Discover the authentication mechanism. Reverse engineering a kernel module. Discovering what initramfs contains and does. Reverse engineering an AML file.</description></item><item><title>Defcon CTF Qualifiers 2020 - cursed</title><link>https://nankeen.me/post/defcon-quals-2020-cursed/</link><pubDate>Mon, 18 May 2020 01:39:07 +0100</pubDate><guid>https://nankeen.me/post/defcon-quals-2020-cursed/</guid><description>&lt;p>This is a pwn challenge I worked on for DefCon Qualifiers 2020.&lt;/p></description></item><item><title>Plaid CTF 2020 Write-up 2 - YOU wa SHOCKWAVE</title><link>https://nankeen.me/post/plaid-ctf-2020-shockwave/</link><pubDate>Sun, 19 Apr 2020 23:33:30 +0100</pubDate><guid>https://nankeen.me/post/plaid-ctf-2020-shockwave/</guid><description>&lt;h3 id="story">Story&lt;/h3>
&lt;p>Feeling stifled by the large crowd gathered in the entrance plaza, you open up your minimap and try to find somewhere to search far away from the entrance gate. Ah, perfect—there’s some kind of library on the other side of the Sanctum. A nice, quiet place to search alone for a bit.&lt;/p></description></item><item><title>Plaid CTF 2020 Write-up 1 - reee</title><link>https://nankeen.me/post/plaid-ctf-2020-reee/</link><pubDate>Sun, 19 Apr 2020 22:22:26 +0100</pubDate><guid>https://nankeen.me/post/plaid-ctf-2020-reee/</guid><description>&lt;h3 id="story">Story&lt;/h3>
&lt;p>Tired from all of the craziness in the Inner Sanctum, you decide to venture out to the beach to relax. You doze off in the sand only to be awoken by the loud “reee” of an osprey. A shell falls out of its talons and lands right where your head was a moment ago. No rest for the weary, huh? It looks a little funny, so you pick it up and realize that it’s backwards. I guess you’ll have to reverse it.&lt;/p></description></item><item><title>X-Mas CTF 2019 Write-up 1 - snt_dcr_shp, function_plotter, and weather</title><link>https://nankeen.me/post/xmas-ctf-2019-part-1/</link><pubDate>Wed, 25 Dec 2019 17:11:35 +0000</pubDate><guid>https://nankeen.me/post/xmas-ctf-2019-part-1/</guid><description>&lt;p>The X-Mas CTF hosted by &lt;a href="https://ctftime.org/team/58218">HTsP&lt;/a>, ran from 13 Dec 2019 till 20 Dec 2019.
It had some fun pwn challenges, including kernel pwn.&lt;/p></description></item><item><title>Manage a cloud VM lab for hacking with QEMU/KVM and Libvirt</title><link>https://nankeen.me/post/cloud-vm-server-libvirt/</link><pubDate>Fri, 31 May 2019 22:19:55 +0800</pubDate><guid>https://nankeen.me/post/cloud-vm-server-libvirt/</guid><description>&lt;p>This is another tutorial about setting up a penetration testing lab on a cloud server.
In the previous post I showed a way to use VirtualBox to create a quick and dirty VM.
There are some drawbacks to using that method, mainly the display, which requires exposing a RDP port.&lt;/p></description></item><item><title>Create a cloud VM lab for hacking with VirtualBox</title><link>https://nankeen.me/post/cloud-vm-server-setup/</link><pubDate>Tue, 28 May 2019 20:07:12 +0800</pubDate><guid>https://nankeen.me/post/cloud-vm-server-setup/</guid><description>&lt;p>This is a tutorial about setting up a penetration testing lab on a cloud server.
More generally it&amp;rsquo;s a guide about using headless VirtualBox to offload some work to the cloud.&lt;/p>
&lt;p>VirtualBox is just one of the many choices, usually I prefer to use Qemu-KVM with &lt;a href="https://libvirt.org">libvirt&lt;/a> for management.&lt;/p>
&lt;p>&lt;strong>THIS IS A QUICK AND DIRTY METHOD, NOT SECURE&lt;/strong>&lt;/p></description></item><item><title>OWASP Android Crackme Level 1</title><link>https://nankeen.me/post/owasp-android-level1/</link><pubDate>Wed, 12 Sep 2018 19:54:48 +0800</pubDate><guid>https://nankeen.me/post/owasp-android-level1/</guid><description>The goal is to get the password to this app. APK Download
Running the app First, install the APK on an emulator or device with adb install UnCrackable-Level1.apk.
Running it unpatched on an emulator
The app yells at us about the emulator being rooted, so we&amp;rsquo;ll have to patch that out. In the background we can see that there is a text box prompting for a password.
Decompiling Convert the APK to a JAR with dex2jar by running d2j-dex2jar -o app.</description></item><item><title>Is This Loss? Part 2: An object recognition model</title><link>https://nankeen.me/post/is-this-loss-part2/</link><pubDate>Sun, 17 Jun 2018 14:17:15 +0800</pubDate><guid>https://nankeen.me/post/is-this-loss-part2/</guid><description>/r/me_irl.Original webcomic by Safely Endangered.
So in this part I&amp;rsquo;ll be looking into TensorFlow object detection models and integrating one with the chat bot in part 1.
Picking A Model The TensorFlow object detection repository contains some links to pre-trained object detection models, which I&amp;rsquo;m going to use. I&amp;rsquo;ve picked ssd_mobilenet_v1_coco in this part for its performance, but for training I plan to use faster RCNN because of its higher accuracy.</description></item><item><title>Is This Loss? Part 1: Building a Discord Chatbot</title><link>https://nankeen.me/post/is-this-loss-part1/</link><pubDate>Fri, 15 Jun 2018 22:24:58 +0800</pubDate><guid>https://nankeen.me/post/is-this-loss-part1/</guid><description>So my schedule has been significantly emptier recently, it&amp;rsquo;s the weekend and I&amp;rsquo;m looking for a project. I thought about what I could do and came across chatbots, they&amp;rsquo;re fun to play with and not as expensive as a website. Interaction will be through basic commands, nothing fancy like natural language processing. However I will be throwing in some TensorFlow because this is going to be an object recognition bot.</description></item><item><title>Protostar Write Up Part 2 - format0-4: Overwriting the GOT</title><link>https://nankeen.me/post/protostar-part-2/</link><pubDate>Sun, 15 Apr 2018 14:42:45 +0800</pubDate><guid>https://nankeen.me/post/protostar-part-2/</guid><description>&lt;p>This post is a write up on the Protostar format string exercises, you can find them &lt;a href="https://exploit-exercises.com/protostar/">here&lt;/a>.
If you haven&amp;rsquo;t read part 1 yet, &lt;a href="https://nankeen.me/post/protostar-part-1">here&amp;rsquo;s&lt;/a> the link.&lt;/p></description></item><item><title>Protostar Write Up Part 1 - stack0-7: shellcodes and ret2libc</title><link>https://nankeen.me/post/protostar-part-1/</link><pubDate>Sat, 31 Mar 2018 11:23:20 +0800</pubDate><guid>https://nankeen.me/post/protostar-part-1/</guid><description>Protostar is a basic introduction to binary exploits, with ASLR turned off and an executable stack, it&amp;rsquo;s meant for learning the basics. You can download the VM here.
I&amp;rsquo;ll be running it on my personal XenServer setup but VirtualBox is more than enough. Simply ssh in with the credentials they&amp;rsquo;ve provided and the exercises will be in /opt.
I&amp;rsquo;ll be doing the stack exercises in this post. I&amp;rsquo;m slightly more familiar with stack overflows but there are things I got stuck at, like ROP and ret2libc.</description></item><item><title>Cryptopals Challenges Part 1: Repeated XOR, AES in ECB and more</title><link>https://nankeen.me/post/cryptopals-challenges-part-1/</link><pubDate>Mon, 19 Mar 2018 14:29:47 +0800</pubDate><guid>https://nankeen.me/post/cryptopals-challenges-part-1/</guid><description>&lt;p>This post is about the &lt;a href="http://cryptopals.com/">Cryptopals challenges&lt;/a>, a collection of 48 cryptography challenges and my solution to them.&lt;/p>
&lt;p>I&amp;rsquo;ve been looking for something to do over the weekends and came across this &lt;a href="https://www.reddit.com/r/crypto/comments/2mk1kk/crypto_challenges_and_ctf/">Reddit post from 3 years ago&lt;/a>, asking for crypto challenges.
The comments were filled with links to CTFs, wargames, and challenge sets.
I started off with the top of the list.&lt;/p></description></item><item><title>$ whoami</title><link>https://nankeen.me/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://nankeen.me/about/</guid><description>I studied Computer Science and Mathematics at the University of Edinburgh 🏴󠁧󠁢󠁳󠁣󠁴󠁿.
Current skill set:
Dev - Rust, C/C++, OCaml, Go, Haskell, Python, Dart, TypeScript. Reverse engineering. Binexp. Calculate SHA hashes by hand. 3D CAD and 3D printing When I do have the luxury of indulgence I&amp;rsquo;d spend my free time on:
CTFs. My homelab. Playing HackTheBox and CryptoHack. Learning:
Cryptography Email: atob(&amp;quot;bmFua2VlbkBwcm90b25tYWlsLmNo&amp;quot;)</description></item></channel></rss>