Finding Processes With Suspicious CWD Using procfs

On February 27, 2021February 27, 2021 By DanielIn CTF, forensics, incident response, Linux, malware

Find malware running from temporary directories using procfs.

Finding Masquerading Processes With procfs

On February 27, 2021April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, malware

Find masquerading processes using procfs.

Using procfs For Forensics and Incident Response

On February 23, 2021April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, malware

Using procfs For Forensics and Incident Response.

Accessing Alternate Data Streams on VMDK Images on Linux

On January 10, 2021April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, malware, pentesting, windowsLeave a comment

Accessing Alternate Data Streams on VMDK Images on Linux.

crackmes.one “EZ crackme” Writeup

On December 22, 2020January 23, 2021 By DanielIn crackmes, UncategorizedLeave a comment

Writeup for "EZ crackme" on crackmes.one

Volatility on Ubuntu 20.04

On December 18, 2020April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, malwareLeave a comment

Quick and dirty way to get Volatility working on Ubuntu 20.04

Finding Bad With Package Managers

On February 25, 2020February 27, 2021 By DanielIn CTF, dpkg, forensics, incident response, Linux, rpm

Learn how to use dpkg, rpm, and other related tools to find malware on your systems.

Building a Hardened Shell For Attack/Defend CTF Supremacy

On October 31, 2019January 23, 2021 By DanielIn CTF, LinuxLeave a comment

Harden bash shells against pesky red teamers.

Changing apt’s User-Agent string

On December 10, 2018April 4, 2021 By DanielIn dpkg, Linux, NSM, pentestingLeave a comment

Quick howto on changing apt/apt-get's User-Agent string.

packet_write_wait: Connection to X.X.X.X port 22: Broken pipe

On December 4, 2018April 4, 2021 By DanielIn CTF, Linux, pentesting, sshLeave a comment

How to fix packet_write_wait: Connection to X.X.X.X port 22: Broken pipe in VMWare Workstation guests.

SLAE #7: Shellcode Crypter for Linux/x86

On May 1, 2017May 10, 2017 By DanielIn SLAE1 Comment

Introduction This blog series has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-877 To get the code provided in this exercise: % git clone https://github.com/droberson/SLAE.git The code will be within the Assignment-7 directory. RC4 I decided to use the RC4 algorithm due to the fact that …

Continue reading SLAE #7: Shellcode Crypter for Linux/x86

SLAE #6: Polymorphic Shellcode for Linux/x86

On May 1, 2017May 10, 2017 By DanielIn SLAE1 Comment

Introduction This blog series has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-877 To get the code provided in this exercise: % git clone https://github.com/droberson/SLAE.git The code will be within the Assignment-6 directory. What is Polymorphic Shellcode? Quoting the Wikipedia article about Polymorphic Code directly: In …

Continue reading SLAE #6: Polymorphic Shellcode for Linux/x86