Tips for winning SANS CTFs

Over the past 3 years, I have attended 3 SANS courses and participated in 3 NetWars events. I have won the challenge coin for every event I participated in. I hope this gives a bit more credibility to the tips that I am about to share. The SANS Challenge on the last day differs depending on the ...

Singapore Gazette Search

Update (9 Jan 2020) The government has announced the decision to make all publications in the Gazette freely available to the public. Kudos to the government for doing so! As such, there is no point in continuing to archive them. I have turned off the search feature. However, this page will ...

WP Like Button 1.6.0 - Auth Bypass

Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to ...

On the Cybersecurity Act

Let us take a look at the Cybersecurity Act 2018 and see how it affects professionals in the industry. I believe it is a good first step, however more can be done in terms of enforcement as well as to ensure better wording of the law. 1 2 3 4 5 6 7 8 9 10 11 12S2 Interpretation “cybersecurity” ...

SLAE64 #7 - Crypters

Since shellcode is usually very small in size, I have used RSA asymmetric encryption to encrypt the shellcode. Most of the code is boilerplate code so there is not much to talk about. Encryptor. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 ...

SLAE64 #6 - Polymorphic shellcode

I have taken shellcode #603 and #859 from shell-storm and created polymorphic version that passed clamav scan. The original version of both shellcodes were detected by clamav scan due to the presence of the /bin/sh string. Breaking up the string caused the modified versions of both shellcodes ...