Introduction
Video games are truly intriguing pieces of software. They are built with cutting edge technology and employ some of the most wild and innovative logic, all while being artistically expressive and generally entertaining. Read More
CTF Write-Up – TargetPractice: Dead Drop
For the past week, I have been slowly and steadily enjoying a new CTF website, TargetPractice. I finally completed their Android crypto/reverse-engineering challenge, Dead Drop, and wanted to share my workflow and experience with this fun exercise. Read Write-Up
Introduction to Deserialization Exploitation: CVE-2017-5941
In this quickstart guide, we will be learning about the role of object deserialization in security. Deserialization is featured in most major languages and when implemented improperly, either by the language itself or by the application being written, can be a fruitful attack surface. CVE-2017-5941 is an example of flawed implementation of deserialization in the node.js JavaScript framework. Read More
CTF Write-Up – RickdiculouslyEasy 1
It's time for another vulnhub.com CTF challenge: RickdiculouslyEasy 1 by Luke.
Read Write-Up
CTF Write-Up – IMF: 1
This week I have decided to try something a little different... a boot2root capture the flag challenge. I grabbed the first beginner/moderate level one that caught my eye on vulnhub.com: Impossible Mission Force by geckom. Read Write-Up
Evaluating Features in Classification of LoL Rank
Abstract
For this project, I have compared the effectiveness of various feature sets from League of Legends (LoL) game data in classification tasks. Data for individual LoL matches were scraped from the North American match history servers. A decision tree, k-nearest-neighbors model, and multi-layer perceptron neural network were each configured and tested on their ability to identify player ranks when presented with game data. I used 13 different feature sets with each classifier and compared the results. The neural network always outperformed the other two models and the best feature set was the creep score intervals, gold earned intervals, and vision ward placement/destruction. The worst feature set was the losing team’s KDA by itself.
Replay Attacking a Car’s Remote Keyless Entry
In this guide, we will take a look at a few exploits that target remote keyless entry (RKE) systems in modern vehicles. We will learn the theory behind the generic rolljam attack and also implement a specific attack on Subaru vehicles. Read Guide
Practical WPA2 Attacks on NETGEAR Routers
"What's the wifi password?" is today's "Where is the bathroom?": the first question asked by guests of an unfamiliar location. I myself have asked this of many friends and this past week had noticed a security weakness in their routers. For those using NETGEAR brand routers, there is a simple pattern within the default WPA2 passwords that increases viability of WPA2 hash cracking. Read Guide
ReDroid v0.7 Release
ReDroid started as an apktool wrapper and became a simple workspace tool for Android disassembly projects. It automates disassembly and reassembly of apps via Smali, allows for branching, and automates the signing and installing of recompiled apk files There's still a lot of work to do, and I will continue to update occasionally while I continue my DHS assignment. ...continue reading "ReDroid v0.7 Release"
Practice the Past: CVE-2012-1723
In this guide we will observe one of Java's most dangerous vulnerabilities, CVE-2012-1723. We will analyze the conditions of the vulnerability and work through an example of practical exploitation through a drive-by attack. Read Guide