Hack The Box - Forest 8 min read - Mar 21, 2020

Forest is a Windows machine rated easy/medium and oriented toward Active Directory. Anonymous access allows you to list domain accounts and identify a service account. This account is vulnerable to an AS-REP Roasting attack, which provides user access through WinRM. Privilege escalation is achieved by exploiting the “PrivExchange” vulnerability.

NorzhCTF 2020 - OSINT - Familly Business 7 min read - Feb 2, 2020

New year, new NorzhCTF edition, organized alongside the FIC 2020. As I am no longer a student at ENSIBS, I had the opportunity to participate in the event. This post deals with the solution of “Familly Business”, an OSINT/SOCMINT challenge divided into 2 parts.

Hack The Box - Jarvis 11 min read - Nov 9, 2019

[NO ENGLISH VERSION - Only French is available for this post]

Jarvis is a Linux machine rated easy/medium. Exploiting a SQL injection on the website yields limited access. A first privilege escalation phase is carried out through a command injection in a script. Finally, the machine can be compromised through a SUID binary (systemctl) by building a service.

Hack The Box - Haystack 7 min read - Nov 9, 2019

[NO ENGLISH VERSION - Only French is available for this post]

Haystack is a Linux machine rated easy and rather interesting, involving ELK. Enumerating the web endpoints and the hints yields user SSH access, while exploiting CVE-2018-17246 in the Kibana component yields more interesting access. Finally, exploiting a misconfigured Logstash allows privilege escalation.

NorzhCTF 2019 & RedHackCTF 2019 - Windows AD - Game of Pwn 28 min read - Oct 29, 2019

The NorzhCTF, organized in conjunction with the 2019 FIC, gave me the opportunity to create, in collaboration with @AzrakelK (L0n3w0lf), the attack scenario in relation to an Active Directory domain. This article gives details about this challenge and presents our solution. The challenge was replayed during the RedHack CTF 2019 under the same name.

Santhacklaus CTF 2018 - Solved Challenges 25 min read - Dec 27, 2018

[NO ENGLISH VERSION - Only French is available for this post]

Santhacklaus CTF 2018 is an online Jeopardy challenge organized by four students from IMT Lille Douai: @_nwodtuhs @m3lsius @Ch3n4p4N @Deldel. This article covers the various challenges that I solved and had time to do.

ECW 2018 - Web - Intrusion (5 challenges) 10 min read - Oct 21, 2018

ECW 2018 is a French Jeopardy challenge organized by the PEC (French Pôle d’Excellence Cyber) in partnership with the Bretagne county, Airbus and Thales. Intrusion is a realistic web scenario made up of 4 (+1 extra) challenges. It targets Ruby on Rails and cookie manipulation in order to become admin on the production website.

ECW 2018 - Web - Troll.JSP 4 min read - Oct 21, 2018

ECW 2018 is a French Jeopardy challenge organized by the PEC (French Pôle d’Excellence Cyber) in partnership with the Bretagne county, Airbus and Thales. “Troll.JSP” is a challenge based on exploiting CVE-2017-5638, executing code to change a session variable and then display the flag.

ECW 2018 - Web - SysIA 3 min read - Oct 21, 2018

ECW 2018 is a French Jeopardy challenge organized by the PEC (French Pôle d’Excellence Cyber) in partnership with the Bretagne county, Airbus and Thales. SysIA is a challenge based on exploiting an LFI (Local File Inclusion), using bash_history and the updatedb tool to find the flag.

Windows 10 & GPO - Hardening against personal data leak 9 min read - Oct 19, 2018

Since the release of the Windows 10 operating system, many questions about user privacy have been raised. Indeed, even if our data were already collected before, Microsoft has opened their communication on the data collection with Windows 10. It allows many people to open their eyes and become aware of things happening.

Web containers - Stop data sharing between websites 8 min read - Sep 27, 2018

If you regularly use an Internet browser and you know a little bit about Web technology, you generally know what data is retrieved by the different websites that you visit. If not, just know that each visited website stores information about you through different mechanisms (cookies in particular) which can for example identify you so you no longer have to enter your credentials. However, this is only a small part of the data that publishers recover.

Android Internet Box and Privacy - The iceberg summit 6 min read - Sep 13, 2018

A slightly lighter post this time, dealing with connected internet boxes, and specifically the Miami Bboxes (which is a French ISP). Indeed, having one of these boxes, I wondered what I could find from a privacy point of view and what a basic and curious user could do with parameters. We will therefore see here that a certain number of default parameters are activated and that it is possible to act on them. I should point out that no box was mistreated in the context of these experiments :D.

Best security practices for WordPress installations 11 min read - Mar 31, 2018

If you want to set up your own website but you are not an expert, you may have seen the word “WordPress” around. It is a CMS (Content Management System) that helps in the creation of a website. Basically, it facilitates creation and management by providing a ready-to-use interface. Now all you have to do is customize your site and write your articles! No need to write code (even if it is possible to search and modify manually)!

The password reuse threat 12 min read - Dec 17, 2017

I’m sure you’ve already heard it a thousand times, but questions about passwords on the Internet are more than ever critical for your privacy and personal data. Nowadays, the Internet is used for (almost) everything and by (almost) everyone, from the simple cooking website to your bank account, through social networks, marketing websites or even your mailboxes. That makes a lot of websites, accounts and, therefore, passwords.

ECW 2017 - Web - Path Through 3 min read - Nov 30, 2017

The ECW 2017 is a French Jeopardy challenge organized by the “Pôle d’Excellence Cyber” in partnership with the “Région Bretagne”, Airbus and Thalès. Path Through is a web challenge based on blind SQL Injection.

ECW 2017 - Web - Hall of Fame 3 min read - Nov 23, 2017

The ECW 2017 is a French Jeopardy challenge organized by the “Pôle d’Excellence Cyber” in partnership with the “Région Bretagne”, Airbus and Thalès. Hall of Fame is a web challenge based on Union SQL Injection.

Quaoar Virtual Machine - Walkthrough 8 min read - Nov 20, 2017

“Quaoar” is a “Boot2Root” VM originally created for the Hackfest 2016 CTF. It aims to train your computer security skills. You just have to launch the Virtual Machine, and then find a way to get root! This VM is freely available on Vulnhub.

TamuCTF 2017 - Steganography - Musical Bits 5 min read - Nov 12, 2017

The TamuCTF is a Jeopardy-style CTF. This walkthrough explains the “Musical Bits” challenge, which is a Steganography challenge. I worked with Iptior on this one and it took several hours of pain before success! Let’s go!