The Evolution of Crypto

Crypto used to refer to cryptography, the study of protecting the confidentiality and integrity of information. It is one of the purest branches of computer security. Theoretical cryptography is almost fully governed by the laws of mathematics and physics. The only breakthrough possible is ...

Timestomping Programmatically

Timestomping is a favourite topic of red teamers and forensic analysts. They often speak about the tools and powershell commands that can be used to do timestomping. How do these tools work? In the course of developing nTimetools, I read up on the various APIs and the extent of ...

Windows Persistency With OpenVPN GUI

OpenVPN GUI will automatically run the following batch files if it exists. No changes to config file is needed, just drop the batch file in place. Possible privilege escalation if user runs OpenVPN GUI with administrator privileges and uses a VPN config in his home directory. ...

Migrating rsyslog to Splunk

I recently decided to migrate my server cluster's logging mechanism from rsyslog to Splunk. My previous setup was to use rsyslog to centralise all logging onto /var/remotelog/ on a central server. I then configured the Splunk indexer to index both /var/log/ as well as /var/remotelog/, this ...

SANS FOR508 review

I was back at SANS October Singapore this year. Not much changed compared to the past year, the venue was the same, food was the same, even some of the course participants were familiar. This year, I signed up for the FOR508 course, as well as both NetWars Core and Defense. It was really tiring ...

FLARE-On 5 wasm with Chrome

Most of the solutions for FLARE-On 5 web2point0 challenge involve the use of a framework to decompile WebAssembly. Chrome offers the ability to debug WebAssembly code which gives us the opportunity to solve this challenge without any other tools. When solving simpler crackme binaries, we ...