Code Analysis With Langchain

Introduction There’s been a lot of buzz lately about Generative AI, LLMs and their applications. It’s becoming increasingly clear that machine learning techniques are augmenting the world of software development and security research. One such example is the LangChain framework, which provides a powerful toolkit for developing applications powered by language models. This framework can enable developers to gain deep insights into their codebase, identify potential bugs or vulnerabilities (this is the part we’re interested in 😉), and improve the overall quality and efficiency of their software. [Read More]
ai  ml  langchain  vr  offsec 

Stop Opening Port 22❗️ (An AWS Tip)

Overview If you’re familiar with AWS and EC2 instances you’ve probably had to configure a security group1 or two before, if for no other reason than to allow traffic to port 22 of your EC2 instances. Well today I hope to teach you a new way to connect to port 22, or any port for that matter, without needing to expose it to the internet. The rest of this tutorial assumes you’re familiar with/have configured the AWS CLI. [Read More]

How My Blog Works

If you’ve visited my blog before, you’ll notice that things look a bit different 😄 I decided to swap from the old framework, Jekyll, and deploy Hugo. Thankfully, my workflow makes it simple to swap out the entire framework and keep my content structure same. If you’ve ever thought about running your own blog, I highly suggest this setup. It’s lightweight, simple, and nearly free! Let’s dive into it. Overview My use case for a website is simple: hosting a bunch of static content, e. [Read More]

Htb Forge Solution

As promised in my last HTB post, this one is a solution for a medium machine. Forge has been recently retired so let’s dive into it this box! 0x00 Recon Our initial port scan shows your standard ports open on the host # Nmap 7.80 scan initiated Tue Dec 14 11:47:49 2021 as: nmap -p21,22,80 -sV -sC -A -oN scan.nmap forge.htb Nmap scan report for forge.htb (10.10.11.111) Host is up (0. [Read More]

Htb Love Solution

Haven’t done any HackTheBox in a while so I decided to jump back into it with an easy machine. Hope to have a medium solution posted in the near future. Love recently retired so let’s get into it :) 0x00 Recon Starting off with some basic recon, we have a few open ports to look at: Nmap scan report for 10.10.10.239 Host is up (0.016s latency). PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2. [Read More]
htb  easy 

Xbalti Kit

We’re back with something a little different this time. I found myself pretty bored this Sunday so I decided to go searching for some active phishing campaigns. I think it’s interesting to look into what tools and techniques are being employed by cyber criminals. I came across one campaign targeting Amazon users which obviously piqued my interest ;). The kit itself doesn’t seem to be new, but new instances are still popping up. [Read More]

Gynvael Web Challenge 6

We’re back again with another NodeJS web challenge from Gynvael. Let’s get into it! Description Just like the previous challenges, we are given the source code for the NodeJS application: const http = require('http') const express = require('express') const fs = require('fs') const path = require('path') const PORT = 5006 const FLAG = process.env.FLAG || "???" const SOURCE = fs.readFileSync(path.basename(__filename)) const app = express() const checkSecret = (secret) => { return [ secret. [Read More]
ctf  web  nodejs 

Hackasat Goodplan Greatplan

Category: Space and Things Description: Help the Launchdotcom team perform a mission on their satellite to take a picture of a specific location on the ground. No hacking here, just good old fashion mission planning! Connect to the challenge on mission.satellitesabove.me:5023. Using netcat, you might run nc mission.satellitesabove.me 5023 Write-up by medarkus, nafod This write-up is part of a larger post hosted over at our official blog. On connection to the service, we’re presented with the following instructions: [Read More]

Gynvael Web Challenges

It was recently brougt to my attention that Gynvael Coldwin has been releasing some CTF-style Express.js web challenges, so I decided to give them a try :) As of 5/12/2020, there are only 3 challenges published Level 1 Level 1 begins here, where we are presented with a standard layout for this type of web challenge: a blank page with the JS source echoed back to us. Source code Level 1 const express = require('express') const fs = require('fs') const PORT = 5001 const FLAG = process. [Read More]
ctf  web  nodejs 

Sarctf2020 Crossw0rd

This is one of the reversing problems that I solved during SarCTF a couple months back in February of 2020. I decided to write this up since I believe it to a good beginner problem for people looking to get into reverse engineering. Problem Description While the children were playing toys, Sherlock was solving crosswords in large volumes. Reversing the Binary Using file we can see we’re given an unstripped 64-bit ELF file: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3. [Read More]