> iftekhar syed / z3nxth

writeups, ctfs, infosec. oscp prepping

> whoami

i'm a student interested in offensive security and physical pentesting. currently studying for the oscp while learning about av/edr evasion, cryptography and doing ctfs in my spare time.

other interests: jiu-jitsu, islamic philosophy and poetry, logic, lockpicking, balisong (trainer) flipping, and air rifle shooting. this site is where i share writeups and notes.

> recent writeups

Syntactic and Semantic Consequences

Logic, at its core, is understanding how conclusions follow from premises. This following can happen in two ways: through syntactic consequence and through semantic consequence.

XOR Obfuscation

XOR obfuscation is a bare-bones, lightweight method of obfuscating data using the bitwise XOR operation. Useful for evasion of basic static detection and easy to implement in shellcode.

Understanding SMB Relay Attacks

In many AD environments, cracking passwords isn't feasible — but when SMB signing is not enforced, an attacker can relay NTLM authentication and gain access without ever knowing the plaintext password.

SliverC2: Stagers

A stager is a small piece of software with one primary task: trigger a larger implant's download and open the initial connection to C2. Small, lightweight, and capable of running in-memory to evade AV.

HTB Active

Easy Windows box. Encrypted credentials found in an unsecured SMB share, decrypted with a public key to get domain user, then kerberoasting the svc_tgs account for domain admin.

Understanding LLMNR Poisoning

When DNS fails, Windows falls back to LLMNR/NBT-NS — broadcasting resource requests to the whole network. An attacker can respond to those requests in exchange for a victim's hashed credentials.

Using Sliver on Linux

Walkthrough of SliverC2 against Linux targets. A modern CLI-based C2 framework with beacons, stagers, and mTLS/HTTP/DNS transport options.

HTB Chemistry

Easy Linux box. Shell via insecure file upload, credential cracking from a SQLite database, lateral movement to a user shell, then root via path traversal in an internal service exposing the root SSH key.

Exploiting SUID: /usr/bin/systemctl

SUID binaries run with the permissions of their owner, so a root-owned SUID binary runs as root no matter which user launches it. Here we exploit the systemctl SUID bit to execute arbitrary root commands via a crafted service.