A blog about cybersecurity by Cybix AB

Writeup for HTB Business CTF 2022 challenge Debugger Unchained


Recon

Hack The Box arranged the Business CTF 2022, and Debugger Unchained is a web challenge that was ranked easy. The Business CTF is a special event for corporate teams, so an easy ranking here does not really mean it's for beginners. This is the info we got: Our SOC team has discovered a new strain of malware in one of the workstations. They extracted what looked like a C2 profile from the infected machine's memory and exported a network capture of the C2 traffic for further analysis.…

Writeup for Cyber Apocalypse CTF 2022 challenge Acnologia Portal


Recon

Hack The Box arranged the Cyber Apocalypse CTF 2022, and Acnologia Portal is a web challenge that was marked with two stars (**), so it should be a challenge of medium difficulty. This is what the description says: Bonnie has confirmed the location of the Acnologia spacecraft operated by the Golden Fang mercenary. Before taking over the spaceship, we need to disable its security measures. Ulysses discovered an accessible firmware management portal for the spacecraft.…

Writeup for the easy ranked Nahamcon CTF challenge babysteps


Yes, we decided to take part in Nahamcon CTF. No, we did not have the time to do it. No, we could not help ourselves. :) The babysteps challenge was one of the easy-ranked ones in the binary exploitation category. I chose to do a writeup on this because I think it fits quite well as the next part in my series of posts about binary exploitation. This uses the good old shellcode-on-the-stack trick and just barely scratches return-oriented programming.…

Writeup for the medium ranked HTB box Devzat


This was a really fun and challenging box. The vulnerabilities for this box are described in CVE-2019-20933, along with an OS command injection vulnerability, described in more detail here. The tools used for this box were nmap, dirb, searchsploit, python3, ssh-port-forward, burpsuite and ffuf. The environment I used was a Kali VM (in Parallels Desktop 17) on my macOS machine. Let’s GO!

Scanning

Portscanning with nmap

┌──(erra㉿kali)-[~/htb/devzat]
└─$ sudo nmap -T4 -sV -A devzat.htb -o nmap.…