Fun with MD5 Collisions

We all know about MD5 hash collisions but I have never imagined that so much progress has been made. Meaningful hash collisions can now be computed on desktop grade hardware. The below collision was computed using unicoll on an i3 desktop in under 30 minutes. Position of byte differences have ...

GovTech CTF Writeup

Index Forensics - Walking down a colourful memory lane OSINT - Sounds of freedom! Cloud - Find the leaking bucket! Bonus - Bonus flag for submitting Awesome Write-up Walking down a colourful memory lane We are trying to find out how did our machine get infected. What did the user do? Please ...

Calling IUnknown COM interface

While completing challenge 9 of Flare-On 7, I found a lack of information out there on reverse engineering COM objects. Most tutorials are written from a developer point of view where the Interface Definition Language (IDL) file is available. Reverse engineers don't usually have the luxury and ...

macvlan host guest connectivity

There are a number of sites out there mentioning that macvlan has a limitation when used with docker or lxc containers. The host machine will not be able to communicate with the guest machine and vice versa. While this is true by default, there is a tweak that you can perform to make host guest ...

Bank Token Teardown

My hardware token ran out of battery recently. Before throwing it out, I opened it up to remove the battery so I can dispose of it separately. I decided to take the opportunity to sneak a quick peek into the insides of the token. The model number etched on the circuit board indicates that it is ...

NTFS Owner Rights for Logging

I recently stumbled across the NTFS Owner Rights security principal. This is an obscure security principal that is used to restrict the rights that the owner of the file has. This can come in handy when hardening endpoints in corporate environments. Frequently, we encounter software that has to ...

Public IP Hijacking over LAN

This is a topic that is not commonly discussed. Most articles about IP hijacking deal with the subject at the ISP level, i.e. hijacking of BGP protocol. However, IP hijacking can be performed on the LAN as well. It is possible to use static routes at the gateway to route a public IP address to ...

Authenticating with NRIC numbers v2

4 years ago, I wrote about why we should not use NRIC numbers for authentication. Unfortunately, this mistake was repeated and it can be exploited today to claim free masks from the government. This video shows the exact process to claim one free mask per NRIC. Unfortunately, there is no 2FA. ...