Purpl3 F0x Secur1ty

Security Research.

  • Vulnserver Redux 1: Reverse Engineering TRUN

    Intro At the time of writing, I am currently enrolled in Offensive Security’s EXP-301/OSED course. One of the topics covered in the course is reverse engineering for bugs, which was one of my favorite modules. I wanted to get in a little extra practice so I came back to Vulnserver...

  • Bypassing Defender on modern Windows 10 systems

    Intro PEN-300 taught me a lot about modern antivirus evasion techniques. It was probably one of the more fun parts of the course, because we did a lot of cool things in C# and learned to bypass modern-day AV. While the information provided was solid, I found that some of...

  • Course Review - PEN-300

    Intro I signed up for PEN-300 in November 2020, and started in December 2020, and over the next three months I worked on the course material every day. Watching videos, going through the PDF, replicating exercises, and eventually the challenge labs. I sat the exam on March 13th and met...

  • Malware Analysis - Wannacry

    Intro It was the middle of May 2017. I was working night shift in a datacenter on the Windows server team. My desk phone rings and it’s a security analyst working for one of the datacenter’s tenants, asking us to immediately apply patches to all their servers for the EternalBlue...

  • Phishing Analysis - Steam Scams

    Intro More and more often I keep hearing about friends who get random private messages from their friends asking them to click a link and “Vote for my team in this competition” or something along those lines. The messages come from compromised accounts that are being used to take over...

  • Vulnhub - FoxHole

    Intro After much hemming and hawing about making my own Vulnhub box, I sat down one night, and after a marathon session of evil laughing and chugging Dr. Pepper I created the box now known as FoxHole! The box is meant to be easy-to-intermediate, with a fairly straight-forward initial foothold,...

  • Phishing Analysis - Paypal Scam

    Intro Today I got a phishing email sent to me that, on the surface, was pretty obvious to me that it was fake, but as I dug deeper, it revealed itself to be a terrifyingly convincing phishing scheme (except for one little detail). Breakdown To start, let’s show the email:...

  • Flowcharts in Markdown

    Mermaid chart graph LR A[Wake up] --> B(Drink Coffee) B --> C{Awake yet?} C --> |Yes| D[Work] C --> |No| E[Drink moar] Flowchart st=>start: Wake up e=>end: End op1=>operation: Drink Coffee sub1=>subroutine: Brew another cup cond=>condition: Awake yet? st->op1->cond cond(yes)->e cond(no)->sub1(right)->op1 Run Mermaid top-down chart graph TD A[Wake up] -->...

  • Vulnhub - Misdirection

    Intro Misdirection is a pretty simple OSCP-like machine that was very recently released by InfoSec Prep’s very own FalconSpy. He built it as some extra practice for people who are gearing up for OSCP and want something outside of the PWK labs. You can find it here. Part 1 -...

  • Exploit Dev - New Integard 0-day - CVE-2019-16702

    Intro After getting some tips from a friend about a way of finding 0-days, I decided to return to Integard Pro v2.2.0.9026 and fuzz some different parameters in the HTTP POST header. After about an hour, I found a new buffer overflow that allowed me to overwrite EIP. There are...

  • OSCE Prep - Vulnserver LTER - Alphanumeric Restrictions

    Intro This was probably one of the more complex Vulnserver exploits that I made, requiring lots of jumping around, stack adjustments, and the infamous alphanumeric character restrictions. I took this as an extra opportunity to practice some manual encoding but also sped things up with this nice script here While...

  • OSCE Prep - Vulnserver KSTET - Socket Reuse

    Intro Before I say anything…! —> All credit goes to this awesome guy here! <— Without this post I’d have never even heard of socket reuse in buffer overflows. This was completely new territory for me and something I haven’t really  seen in anything I’ve run across in Exploit-DB, so...

  • OSCE Prep - Integard Exploit

    So with all my lab exercises done it's time to venture outside the course material and do some extra practice. I went to Exploit-DB and looked up some Windows x86 buffer overflow posts that have links to the vulnerable software. The first thing I tried had a complicated setup just...

  • OSCE Prep - Vulnserver GMON - SEH Overwrite (No Egghunter)

    Previously, I wrote about performing the vulnserver.exe GMON SEH overflow, using an egghunter to overcome the space limitations. After a night of frustration and much learning, I re-created the exploit without the egghunter. This will be a short post because I'm only going to cover the differences between this exploit...

  • OSCE Prep - Vulnserver GMON - SEH Overwrite w/Egghunter

    Passing the OSCP exam was a hell of a confidence booster, and taught me that I am capable of so much more than I thought. Breaking the habit of putting limitations on myself was quite a feeling. So I threw all caution to the wind and signed up for Cracking...

  • OSCP Review

    On April 15th I received the best email I've gotten in a long time; a confirmation from Offensive Security that I had passed my PWK exam and obtained my Offensive Security Certified Professional (OSCP) certification! 15 months in the making, it took 2 attempts to get it. A lot of...

  • VulnHub - Kioptrix 5

    The final box in the Kioptrix series is here! This one was the hardest by far, and every bit of advancement came only after a fair deal of research, head scratching, and frustration. Getting the initial foothold took many steps, some of which I've never done before, but getting root...

  • VulnHub - Kioptrix 4

    Now it's time for the next pentest challenge in this series, Kioptrix 4! Recon and enumeration: As always we start with an nmap scan, courtesy of my favorite enum tool Sparta, and can see some pretty common ports open, SSH, web, and SMB. I always like to check out SMB...

  • VulnHub - Kioptrix 3

    Here we are with Kioptrix level 3! This one was significantly more challenging than the last two if you exploited it manually, but there were some ways to automate the process to get the initial foothold to make things easier. Recon and initial enumeration: This one is going to be...

  • VulnHub - Kioptrix 2

    Time for Kioptrix #2! This one was ever so slightly more difficult to get root on, but only because I let myself fall down rabbit holes instead of exploiting the obvious. Recon and initial enumeration: As always I started off using my favorite scanning tool Sparta to get the open...

  • VulnHub - Kioptrix 1

    This one is going to be fairly short and sweet. It was a pretty simple box found over at vulnhub. https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ Vulnhub is a site that hosts downloadable VMs that are CTF-style challenges. You'll need VMware to host them, and the drive space, but the upshot is that you don't...

  • Vulnserver TRUN - Vanilla EIP overwrite

    Stack buffer overflow exercise: Vulnserver.exe I've taken quite a liking to doing basic stack buffer overflow attacks after learning out to do them in the Pentesting With Kali Linux course. I learned so much about assembly, and how to debug and analyze programs and gain a deeper understanding of how...

  • HTB - Active

    Created by eks and mrb3n Let me preface this by saying that this was my favorite box on HackTheBox because it was one of the most real-world-like box that I've encountered so far. The vulnerabilities exploited here can be exploited in the real world and lead to the compromise of...