CVE-2021-30005 - PyCharm Local Code Execution

Some time ago, I read a blogpost from Doyensec that explained a simple but impactful vulnerability in a Visual Studio Code plugin – specifically, it leveraged Python virtual environments to execute arbitrary code when a malicious project was opened in the IDE. At the time, my job involved a lot of Python developing using JetBrains’ PyCharm, so I asked myself: is PyCharm vulnerable to something similar? This post summarizes the consequences of that question, which ultimately led to the discovery of CVE-2021-30005.

GitHub Security Lab CTF 4 - CodeQL and Chill - Writeup

I’ve been very interested in CodeQL since the moment I discovered its existence. Even though I did the tutorials back in the day, I knew I needed more knowledge and hands-on practice to be able to do something useful with it. So, as soon as it was announced, I decided I was going to participate in GitHub Security Lab CTF 4 - CodeQL and Chill. After some weeks of battling with it, I was able to deliver a solution and ended up getting the 5th position in the competition. Even though it’s not enough to get any of the prizes, the experience alone was absolutely worth the time invested. In the following link you can find the write-up and queries I delivered as my solution to the challenge. I hope you enjoy reading it (at least partly) as much as I did struggling to solve it!

Google CTF 2019 - Bob Needs a File

Last year I regretted not participating in Google CTF and told myself I needed to participate the next time. Well, the next time arrived last weekend, and I managed to persuade some colleagues to create a team and join the fun.

Hack The Box - Reel

It’s been a while since I’ve posted a write-up about a Hack The Box machine in here. I had several candidates to write a post about, but finally I think the one I enjoyed the most was Reel. This fantastic box had me work on it over the span of two months, and when finally I reached admin I was astonished at how cool the ride had been. So let’s see how it went!

OSCP Review - Or How I Tried to Try Harder

Last week, I very gladly received an e-mail from Offensive Security: I had passed the Pentesting With Kali Linux (PWK) course and exam, and therefore I had obtained my OSCP certification. Given that I had almost fully committed my free time of the last few months to this course, you can imagine how happy I was to receive such a message. Now that I’ve recovered a little (mentally and physically), it seems like a good idea to write some kind of wrap-up of the whole process, beginning to end. I am aware this has been done like a trillion times by other people; but, you know, it may still be helpful or at least entertaining, so I’m doing it anyway.

Hack The Box - Mirai

I’ve been very busy with my PWK course for OSCP lately, and that’s why I’ve not been posting much here. But recently I received the notification that Mirai, a box from Hack The Box (a site you should really check out if you haven’t yet), had been retired. Since I solved it back in the day, and luckily I had some notes about how I did it, I thought of writing a little walkthrough and posting it here.

Blocking the AdBlock Blocker

I don’t want to talk about politics here because I want this to be a tech blog, so I’ll be quick. Let’s just say that, given the political situation in my country right now, I wanted to watch a specific interview between a famous journalist and the current leader of the Catalonian Independence movement. The only problem was that the site that hosts the video of the interview doesn’t allow its reproduction if some ad-blocking software is detected in the user’s browser. That’s extremely annoying since, if you disable it, you are not only exposed to the malware, viruses and COMMUNISM everyone knows are present in ads, but also they force you to watch like three 20~30 seconds long ads before even letting you start watching the video. I got so ~~annoyed~~ interested I decided to investigate how they detected the presence of ad-blockers and then try to bypass it to ~~watch the damn video in peace~~ check the robustness of the software in case it was insecure. Logical, right?

r2con 2017 Crackmes - Spacemission

This was my first year attending r2con, and I can assure you I’m 100% coming back next year! It was lots of fun, I learned a lot in the trainings and the talks were super interesting. But, as a complete noob with radare2 (and reversing in general), one of the things I enjoyed the most was the Crackmes. Well, actually the crackme, because I only managed to solve one, the easiest of them: spacemission. Here I will try to explain how I approached this challenge from beginning to end, of course using radare2 during the whole process!

RHme3 Quals - Whitebox

OK, let’s begin with a shameful confession: I had absolutely no idea about White-Box Cryptography before starting this challenge. That means I had to read quite a lot about it, understand its purpose, strengths and flaws, before even considering solving it. In this write-up, I will try to explain my approach to the challenge, the problems I encountered and how I finally got the solution. Let’s begin!

Mr-Robot

It’s time for another CTF writeup, this time Mr-Robot by Jason. I solved this one quite a while ago, but not until now did I decide to clean up my walkthrough notes, make a decent writeup and post it here.

Gibson 0.2

I decided to get started in the world of CTF writeups with this VM made by Knightmare! The description promised some unexpected twists, but at the same time it didn’t seem to be heavy on reversing and/or binary exploitation, so I felt it was a good place to start. Without further ado, let’s begin!