Skip to main content

Posts

Showing posts from July, 2023

100 Reps

PicoCTF: The Debugger

GDB baby step 1  Can you figure out what is in the eax register at the end of the main function?  For Mac, gdb can be installed via homebrew: brew install gdbGDB baby step 2 Learn how to disassemble a program from binary file. Here we can see that in line 15, 0x86342 is copied into eax. The output here seems to reverse the arguments.

PicoCTF: Intro to Assembly Code

Intro to Assembly Code Bit-O-Asm-1 Task: Can you figure out what is in the eax register? This is the assembly code. I had no idea how to read it. <+0>: endbr64 <+4>: push rbp <+5>: mov rbp,rsp <+8>: mov DWORD PTR [rbp-0x4],edi <+11>: mov QWORD PTR [rbp-0x10],rsi <+15>: mov eax,0x30 <+20>: pop rbp <+21>: ret Lots of things are happening there is the <+0> structure on the left which I now learned is the line number The push, mov, pop and ret are called operands. These run an action. The stuff on the right are the arguments. In line 15 we see that we are moving 0x30 into the eax register. The number is in hexadecimal so 3x16 = 48 Flag is picoCTF{48} This exercise taught me how to read the assembly code and know how numbers are moved into different registers Bit-O-Asm-2 Task: Can you figure out what is in the eax register? <+0>: endbr64 <+4>: push rbp <+5>...

PicoCTF: Low Level Binary Intro Playlist

Mochi's Tale Mochi's Tale is a really cool little game that teaches you how to "find things out" through experimentation. I found it a really helpful way to get you into the rhythm of learning rules without being told what they are in the first place.

Learning goals - Git Gud

 In 3 months there will be a CTF event that I want to attend. I know absolutely nothing useful for CTF to even compete. I am not going to be so deluded that I can catch up to their standard and mastery before then to win a placement there. However, I want to see how I fare with the challenges. I had a look at HackTheBox, OverTheWire and picoCTF. picoCTF seems the most friendly so I will start there. 10 years of experience in software development will be an advantage and I can fast track through a lot of basics. But I will go through the material at 3-4x speed to make sure I cover all bases. There may be key points in the basics that I miss/forgotten. Step 1. General Skills https://youtu.be/3OawXnTELqA Key Points: Binary numbers Encodings Mappings of a number to a meaning Practice: 2Warm Warmed Up Lets Warm Up 2Warm Can you convert the number 42 (base 10) to binary (base 2)? Doing it manually. 32 16 8 4 2 1 1    0  1 0 1 0 Explanation: Write the powers of 2 until it h...

Learn and do: deHydration hinders performance

I would like to stay at peak performance. I am really bad at looking after my body. Setting up hourly water input into my body. According to the video, the first 10 hours.

Linux Admin: Process Management

fg − Brings the process to the foreground bg − Moves the process to the background jobs − List of the current processes attached to the shell ctrl+z − Control + z key combination to sleep the current process & − Starts the process in the background

Linux Admin: SystemD

systemd loads up Linux faster than its the older sysvinit. It manages Linux services Use this to see the boot services systemd-analyze You can even put it into a graphic systemd-analyze plot > SystemBoot.svg Check the state of a service: systemctl --state bluetooth List the services: systemctl -t service Start and stop a service systemctl start ssh systemctl stop ssh N.B. don't need the ".service" suffix Check the status of a service systemctl status ssh.service  Control groups set limits on the system resources of services An attacker trying to run crypto-mining software on your server might check and modify these limits

Linux Admin: Managing Users

I read through Chapter 2 of Linux Admin for Absolute Beginners by Martin Stevenson Key Learnings: Add Users Passwords User groups How to add users The flags of adduser varies across different version of Linux, so consult the man pages for more info. I am practising on Kali Linux, the simplest command is: sudo adduser --comment "Gym Owner Terry Crews" tcrews You will need root access for this. So using the root user or adding sudo will work. Sometimes you'll see another command useradd instead. The recommendation is to always use adduser. adduser is a wrapper for useradd.  adduser is more user friendly and interactive than its back-end useradd . There's no difference in features provided. Why is this important? This is how we can create an account for users to access Linux servers. If you have a new employee at your company or student who enters the university, they'll need access to the shared drive, a private drive for themselves etc. Groups Groups keep users i...

Quality vs Quantity

The perfectionist in me feels like I should be a powerhouse and every post needs to be a super in depth blog post with an entire study. The true to the cause part of me feels like I should post "every day". I'm scared of making "token low effort posts" to fill up the dates but this seems like a self-imposed blocker. I don't think you really care if I make crappy asides. Just skip them and go to the juicy posts. I will try to post something every day even if it's a small 100 word post. It will help me build up consistency. Peace out!

Linux Admin: Getting started with File Permissions

Eating Humble Pie I use Linux every day but not to an advanced System Administrator capacity. It's easy to "skip through" because I'm familiar with the environment. Learn about Linux Administration Resource: Linux Admin for Absolute Beginners Author: Martin Stevenson Skill 1: File / Folder Management Microskill: Read the permission string Concept: Files and folders have a long permission string. Each letter has a different meaning Why it's important:  Limit the actions of each file on the computer. Read, write, execute. Where it can go wrong: Read - compromise privacy Example: Employment offer letters, secret keys Write - overwrite/delete important documents Example: Sales scripts, brand images Execute - potential malicious code or accidental running  Example: Malicious file transferred from USB Example: Prevent students from running "update print quota" command Learning Here is an example: drwxr-xr-x  3 kali kali 4096 Jul  6 05:02 . drwxr-xr-x 22 kali k...

Why CyberSec?

Cyber-Warfare Warfare is progressively moving more and more into the digital space. Whether we like it or not, civilian businesses sustain collateral damage as foreign powers try to take each other down by disrupting assets to the other country. This might be healthcare, traffic networks, power grid. Even non-essential companies like accounting firms and SMEs risk: Ransomware attacks which provide funding https://www.bleepingcomputer.com/news/security/japans-largest-port-stops-operations-after-ransomware-attack/ https://www.bleepingcomputer.com/news/security/iowas-largest-school-district-confirms-ransomware-attack-data-theft/ Data exfiltration which provide login credentials https://www.npr.org/2021/04/09/986005820/after-data-breach-exposes-530-million-facebook-says-it-will-not-notify-users https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2023#:~:text=The%20largest%20confirmed%20data%20breach,14%20million%20records%20being%20compromised. DOS attacks to cri...

Response: Start new industry from scratch

Personal response to Alex Hermozi's encouragement: