Posts by Year

2023

From Barista to ISO27001

Life’s journey often takes unexpected turns, and sometimes, those twists can lead to remarkable transformations in your career. Over the past year and a bit, I have gone on a career journey that started from behind a coffee counter and ended with the privilege of leading a team of ISO 27001 internal auditors. Not so long ago, my days were filled with the rich aroma of coffee beans and the friendly hum of customers. I was a barista, crafting cappuccinos and lattes, creating moments of warmth and connec...

0xcon 2023

0xcon is aimed at bringing together the local cyber security community to share knowledge and to network with like minded individuals. This event is very much by the community for the community, so whether you’re a seasoned expert or just starting out, we would love to welcome you to our conference as we enhance our understanding of the cyber security landscape. The conference covers a wide array of topics including cyber security best practices, threat intelligence, IOT security, ransomware, incident re...

Back to Top ↑

2022

Bsides 2022 programme

Bsides Cape Town 2022 is a month away. We are excited to finally have Cape Town’s hacker summer camp and year end in person again. We have some really exciting speakers and a workshop. How to participate Get your tickets: https://qkt.io/M9YKVw Keep an eye on our youtube channel: Buy a hoodie: https://qkt.io/M9YKVw (Merchandise to be fetched on the day) Location Map: Google Maps Venue: https://tobmce.co.za/ More about venue: https://bsidescapetown.co.za/bsides-conf/2022-location Event Program ...

BSIDES 2022 free tickets in giving back

Giving Back As part of our vision and mission to connect the infosec community in Cape Town and get new people involved, we would like to give back to the community. We already have the rite of passage initiative to find and assist up an coming students interested in information security, but to add to our initiatives we would like to give away a number of tickets to people who cannot afford the conference. We don’t want finances to be a blocker to meeting interested and curious future hackers. No matt...

0xcon 2022

0xcon 2022 returns to an in-person event after 2 years of online virtual events due to Covid. For those unaware, 0xcon started in 2017 and is a South African conference that is aimed at building the Gauteng and ZA infosec community. The conference welcomes both new and experienced alike and works hard to keep things open and free to everyone. How to participate 0xcon 2022 will take place on Saturday 12 November 2022 from 09:00 to 17:00 at the MTN Innovation Center (214 14th Avenue, Fairland, Johanne...

PIFv2

As many people in the InfoSec community are aware - getting your OSCP is something life-changing. Worldwide, there are a vast number of individuals who understand what a golden opportunity it is to complete the PWK course, even more so when it’s free. Yes, FREE! No strings attached. We just want our community to succeed. HOW IT STARTED: Following the death of George Floyd, Offensive Security created their Social Responsibility Program. One of the goals of this program was to provide sets of PEN...

Red Teaming - My first physical assessment

Red Teaming - My first physical assessment By chrismeistre I’ve recently been given the opportunity to perform my first physical assessment during a black box engagement for a client. In short, the black box permitted us to try anything to gain access to their infrastructure, and assess their IT security awareness and defenses. I was excited about this, and when the time finally came, I wasn’t left wanting. If you’re reading this as an aspiring hacker, or just someone interested in cyber security o...

Back to Top ↑

2021

Getting into Infosec/Cyber Security

My journey into cyber security/infosec. By Sp3ctrlM0nki3 So, I’ll start at the beginning. My passion for cyber sec started in a computer lab in high school where I created my first ‘virus’. It was a little .bat virus which would remove the System 32 Folder from your windows system. del c:WINDOWSsystem32*.*/q [1]

0xcon 2021

Taking place on Saturday, 13 November 2021 from 09:00 to 15:00 (SAST). 0xcon started in 2017 as a South African conference aimed at building the Gauteng and ZA infosec community. The conference welcomes both the new and experienced alike, and works hard to keep things open and free to everyone. Due to the pandemic, this year’s conference will be streamed to YouTube with discussion on the Hack South Discord server.

BSides 2021 Update: Postponement and reviewed Plans

Currently, there is a lot of uncertainty regarding Lockdown restrictions for the beginning of December as the inevitable fourth wave approaches. 2021 Conference Plans The plan was for a hybrid conference, but because of the lockdown uncertainty and, more importantly, since the previous BSIDES Cape Town took place in 2019 (2 years ago!), the organisers decided that an in-person conference would be superb. Therefore, the December 2021 BSIDES Cape Town conference has been postponed to March/April 2022 to a...

Vortimo Demo: Wed 4 Aug, 1800 SAST

Vortimo is the brain child of Roelof Temmingh, the man that brought us Maltego. On Wednesday 4 August 2021 he will be giving us a demo on his new OSINT web augmentation tool, Vortimo! Vortimo has many uses and functions, some of which we will cover on Wednesday. We can break down certain functions by what we find on their site

Bsides Cape Town post Covid and towards Dec 2021

UPDATE 2021-11-03: The plans for Bsides Cape Town has changes since this post ~ Please view the updated post ~ As organizer of BSIDES Cape Town, I thought it would be good to give some updates on the past and future of BSIDES Cape Town. We are still active, as some of you might have been wondering, planning the most out of 2021 despite lockdowns and any other surprises. After all as the fortune cookies says: “May you live in interesting times”. 2020 and SARS-Cov2 We had high hopes that the lock...

Smart Contract Bug Hunting

I’ve recently swapped out playing CTFs in my free time to trying to catch bugs in my free time, usually for a bounty. Since bug bounty platforms are usually focused on web or mobile applications, I thought it might be interesting to introduce an emerging branch of bug bounty, focusing on smart contracts.

Wannabes

Recently I was doing a Pentest, and I realised I am such a wannabe pentester, and I say this because I had to reach out my friends at Hack South for help on basic things. I am a jack of all trades, master of none, and so, I do not know many things by heart especially when not used on a daily basis.

Pay It Forward - PWK Vouchers

There is no such thing in life as a free lunch. Well, welcome to the exception to the rule (cos, who likes rules anyway - yuck!) A few years ago Telspace Systems gave me an opportunity and it changed my life. I am so grateful that there are people in the world (like those at Telspace) who do this kind of thing. It became a personal priority to be able to keep this kind of momentum going, and do my utmost to give the same kind of opportunities to others.

African Digital Forensics CTF

The United Nations Cybercrime Unit in Africa, lead by Carmen Corbin_UN created a unique Digital Forensics CTF competition for the month of May. This was only open for the African continent for people who are keen to see how their skills are in the digital forensics cybersecurity field. I for one do not work in the digital forensics field so I wanted to see how I would do in this but having worked as a systems administrator for most of my career, and now trying to make a move into offensive / forensics se...

OSCP Exam Guide: Preparing and Passing

Table of Contents Introduction Experience Pre-OSCP PWK Labs Post-Labs Exam Conclusion Pay It Forward – PWK Vouchers Resources Pre-OSCP Resources PWK Labs Resources Post-Labs Resources Exam Resources Introduction So you are planning to pursue the Offensive Security Certified Professional (OSCP) certification and are thinking about starting the Penetration Testing with Kali Linux (PWK) labs. This post covers some additional OSCP preparation that y...

There’s No Vel Like A SocVel

Intro Just over a year ago, having participated in a few Digital Forensics and Incident Response (DFIR) Capture The Flag (CTF) challenges, I started an internal one at work. This was aimed at Security Operation Center (SOC) and DFIR analysts, while using actual alert data from our environment. The great thing about this was the ability to present analysts with the same data they work on during normal operations. This meant we could test their understanding of what they were seeing, all while having the ...

DawgCTF 2021

I competed in DawgCTF with the Hack South CTF team on 8 May 2021. This is an 24-hour, entry-level CTF hosted by University of Maryland, Baltimore County’s CyberDawgs. We ended up placing 28th overall. Here are the write-ups for the four challenges I solved.

Digital Overdose Con Rookie Talk 2021

A journey through my first rookie talk, how I prepped for it and the details behind the amazing con, which happened on the weekend of the 17th and the 18th of April 2021. I spoke about a topic close to me, namely the usage of technology in business, or as I put it: “Bizops in Motion”. 2021 is a year of opportunity. Let’s make the most of this year. More posts to come!

Joining Hack South - The Skid guide to HS and Discord

Hack South is first and foremost a community of people based in South Africa but open to the world. Our growing community has a great variety of members, some of which are passionate information security practitioners, open-source investigators, developers, digital rights advocates and some are from a variety of other fields (even some totally unrelated to computers).

Going at the TraceLabs OSINT CTF again: You don’t win them all

On the weekend of the 22nd, I participated once more in the TraceLabs OSINT CTF. For context, this CTF is a bit different from other CTF's. It's not something where you compromise machines or map some networks. It's something where you actually try to dig up as much information as possible on missing people, as per the cases provided to TraceLabs by various law enforcement departments.

Those damn hackers hacked my Facebook!

“Don’t watch the video I inboxed you, my FB has been Hacked by Hackers!” Seen this before? Seen this more than once? You probably have. Accounts on Facebook have been hacked and taken over by hackers and they are working hard to hack your friends and families accounts… Or have they? Are they really? Who are these Hackers? And whilst we are on this subject, what are Hackers? Read further to understand what is usually actually going on, who is doing all these account takeovers and what the differen...

SARS and the eFiling quagmire with Adobe Flash discontinuation

After many years of faithful service, Adobe announced in 2017 it would discontinue support for Adobe Flash from 31 December 2020 and blocked Flash content from running in Flash Player.Many have been caught unprepared. The South African Revenue Service (SARS) recently announced it would start using its own browser. We aim to tackle the challenge this presents and what to think about and also why with a 2+ year warning things are not in place.

eNCA Interview on the WhatsApp Privacy Policy Changes

I had the distinct privilege of being interviewed on eNCA yesterday ! eNCA -- a.k.a. e-News Channel Africa -- is the first and most watched news service in South Africa. You can imagine that it came as a bit of a shocker to me to receive a message request in my Twitter DM's from one of their guest bookers, asking me if I'd like to come on and discuss these policy changes. So I decided to do it:

0x04 - Password Cracking

The Hack The Box Meetup is a monthly online event hosted on the first Tuesday of every month by Hack South. The meetup is an opportunity to connect with other InfoSec enthusiasts, learn new tools and tricks, exchange knowledge and of course Hack The Box.

Back to Top ↑

2020

Is that you Hack South? Is this me?

What is Hack South? Many have asked, what is Hack South, why Hack South and where is this all going? This blog will try to lay out the foundation, the activity and the vision for Hack South, Home of the ubiquitous South. We will also highlight some things we are working on, highlight some roles, channels and activities.

How to win the TraceLabs CTF, or at least come close

A few weeks ago, a rag tag motley crew from Hack South took part in the TraceLabs missing persons CTF as part of conINT 2020. It was our 4th shot as team Hack South, but this time we scored a podium finish and just missed out on 2nd place. This is the story of how we did it, with no case specifics.

0x03 - Getting started with Reverse Engineering

This post summarises the Meetup held on 1 December 2020. Agenda An introductory presentation on Software Reverse Engineering. A theory presentation will cover the types of outputs reverse engineers may investigate for CTFs and in practice. De-obfuscation, disassembly and decomplication will be discussed. We will look at the difference between static and dynamic analysis and how to use some of the common tools. The second half of the Meetup will feature two practical challenges: One guided, for attendees...

Announcing 0xcon 2020

0xcon 2020 is around the corner! We have some interesting local speakers sharing the hard work they have done over the year, and a privesc challenge that will be interesting to all of us. All of this will be done online due to COVID-19, but we are setting this up to maintain the collaborative nature of the event.

0x01 - First steps towards a foothold

This post summarises the Meetup held on 6 October 2020. Agenda An introductory session focussed on the first step when beginning on a new box: enumeration. A short presentation and a live demo will introduce on the theory and practice of initial enumeration and commonly used tools. Two Hack The Box 1-month VIP vouchers will be awarded to the top two contestants in a multiple-choice quiz! The second half of the Meetup will be dedicated to hacking together on the lab while sharing tips, tricks and advice.

0x00 - Starting from zero on Hack The Box

This post summarises the Meetup held on Tuesday 1 Sept 2020. Agenda An introductory session with the goal of getting everyone to pop a shell with EternalBlue. The backstory of WannaCry will be presented after a quick introduction. Then we will walk through the EternalBlue exploit and help everyone practice it in the HTB lab. Advanced attendees can skip forward to do other boxes on the private lab provided by HTB. The hosts will focus on walking new people through getting registered, set up, connected, a...

How To Access Our Dedicated Meetup Lab

This post shows how to access our dedicated lab during Hack The Box Meetups. Instead of playing on public instances, Hack The Box provides us a private lab environment for our Meetups. A mix of active and retired machines will be available without noise or interruption from other HTB players beyond our group.

Announcing the Hack The Box Meetup

We are excited to announce the first official Hack The Box Meetup in South Africa. All meetings will be online due to Covid-19. Our first meeting will be on Tuesday 1 September, followed by monthly meetings on the first Tuesday of every month. Hack The Box is an online platform to test and advance your skills in penetration testing and cyber security. Join and RSVP for the meeting now!

Back to Top ↑