Posts

Docker Tutorial and/or Cheatsheet

Frequently used Docker commands

Kringlecon 2020 Walkthrough

Contents: Introduction; Objective 1 - Uncover Santa’s Gift List; Kringle Kiosk - Shiny Upatree; Objective 2 - Investigate S3 bucket; Linux Primer - Sugarplum Mary; Objective 3 - Point-of-Sale Password Recovery; Unescape Tmux - Pepper Minstix; Objective 4 - Operate the Santavator; Speaker lights/door/vending machine - Bushy Evergreen; Objective 5 - Open HID Lock; Objective 6 - Splunk Challenge; CAN-D bus investigation - Wunorse Openslae; Objective 7 - Solve the Sleigh’s CAN-D-BUS Problem; Holly Evergreen - Redis Investigation; Objective 8 - Broken Tag Generator; Scapy - Alabaster Snowball; Objective 9 - ARP Shenanigans; Objective 10 - Defeat Fingerprint Sensor; Snowball Game - Tangle Coalbox; Objective 11a) - Naughty/Nice List with Blockchain Investigation Part 1 (Setting up the environment, Understanding the vulnerability, Dumping the 32 bit PRNG integers, Predicting the PRNG state); Objective 11b) - Naughty/Nice List with Blockchain Investigation Part 2; Additional links. Introduction: Spoiler alert!

Practical DBSCAN Clustering with Python

Contents: Introduction; Generating sample data; Feature scaling; Determining $\varepsilon$ and $minPts$; Model fitting; Visualization; Outlier detection; Conclusion; Additional links. Introduction: Density Based Spatial Clustering of Applications with Noise, DBSCAN for short, is a popular clustering algorithm that can be especially useful for outlier detection and for clustering data of varying density.

Practical KMeans Clustering with Python

Contents: Introduction; Algorithm; Generating sample data; Feature scaling; Determining $K$; Elbow method; Silhouette method; Model fitting; Model accuracy; Conclusion; Additional links. Introduction: KMeans clustering is perhaps the most well-known technique for partitioning similar data into the same clusters.

PCAP Analysis with Zeek | Digital Forensics and Incident Response

Introduction: Zeek (previously called Bro) is a useful tool that enables high-level PCAP analysis at the application layer. I have mostly been doing my packet capture analysis in Wireshark and while Wireshark is still my number one tool for PCAP analysis, Zeek was a great find for me.

PCAP Analysis with Wireshark and Tshark | Digital Forensics and Incident Response

Introduction: PCAPs can greatly aid an investigation after an incident has occurred. However, PCAPs contain massive amounts of data that are difficult to parse, and time is valuable, especially during live investigations.

Parsing Palo Alto syslogs with Logstash

Introduction: Palo Alto firewalls are capable of forwarding syslogs to a remote location. However, parsing is necessary before these logs can be properly ingested at a data ingestion and storage endpoint such as Elasticsearch.

How to disable annoying Windows 10 notification sounds!

There are some Windows 10 notification (system) sounds that are quite annoying to say the least. I am not sure who decided that it was a good idea to choose these sounds for alert notifications in Windows 10.

KringleCon | Python Escape from LA | CTF Challenge Solution

This challenge is about breaking out of a restricted shell to execute a program that resides in the directory. In this case, we are provided a Python shell but we cannot import any modules that would let us perform advanced tasks such as executing a binary.

KringleCon | HR Incident Response | CTF Challenge Solution

Question 7: HR Incident Response. In this challenge, we are given a website with CSV upload capability and are asked to somehow gather information from the contents of the file C:\candidate_evaluation.