Dissecting a Dridex Dropper

Grabbing some Samples: Since I wanted to make sure and grab some more recent samples, I headed over to Malware Bazaar to grab a few samples. Since the database is searchable, I can throw in keyword searches (like Dridex) in order to filter the malware samples that I get back. Here I went ahead and searched for signature:dridex and filtered by the most recent submissions. Now, since I’m grabbing samples that have already been reported, I know that I’m not going to be submitting the file hash that actually blocks it. [Read More]

Hacking the GV-ADR2702

IoT devices are becoming more commonplace in homes across the nation, with 127 new IoT devices being connected to the Internet every second. Because of this, I decided to look into the security of an extremely common brand of IoT cameras. Disclaimer: Well…technically it was for a final project for school but that’s neither here nor there. :) Just don’t expect this to be a step-by-step recreation of what I did. [Read More]

HTB - Netmon

Well, the summer has officially kicked off and I find myself getting a bit rusty, so I thought I’d hop onto HTB and play around some and make sure I earned that piece of paper that now says I’m a certified professional. (Maybe I’ll write a blog post on that journey in the future.) I VPNed into HTB and I decided to start off with a machine that was focused on more of a CVE-style compromise vs. CTF-style. [Read More]

DHS CTF

Short Writeup of a CTF I did for a job interview

So a couple weeks ago when the government finally decided to start back up, I received an email from DHS letting me know they were resuming their intern search. This was awesome because I’ve heard really cool things about their Red Team in the past and I was looking forward to applying to them for an internship. What I got sent back was different compared to most interviews, but because of the time I’ve spent working on my OSCP over the past year it left me excited. [Read More]