Posts by Year

2021

Going at the TraceLabs OSINT CTF again: You don’t win them all

On the weekend of the 22nd, I participated once more in the TraceLabs OSINT CTF. For context, this CTF is a bit different from other CTF's. It's not something where you compromise machines or map some networks. It's something where you actually try to dig up as much information as possible on missing people, as per the cases provided to TraceLabs by various law enforcement departments.

Those damn hackers hacked my Facebook!

“Don’t watch the video I inboxed you, my FB has been Hacked by Hackers!” Seen this before? Seen this more than once? You probably have. Accounts on Facebook have been hacked and taken over by hackers and they are working hard to hack your friends and families accounts… Or have they? Are they really? Who are these Hackers? And whilst we are on this subject, what are Hackers? Read further to understand what is usually actually going on, who is doing all these account takeovers and what the difference is between a Hacker and a criminal actor/criminal.

SARS and the eFiling quagmire with Adobe Flash discontinuation

After many years of faithful service, Adobe announced in 2017 it would discontinue support for Adobe Flash from 31 December 2020 and blocked Flash content from running in Flash Player.Many have been caught unprepared. The South African Revenue Service (SARS) recently announced it would start using its own browser. We aim to tackle the challenge this presents and what to think about and also why with a 2+ year warning things are not in place.

eNCA Interview on the WhatsApp Privacy Policy Changes

I had the distinct privilege of being interviewed on eNCA yesterday ! eNCA -- a.k.a. e-News Channel Africa -- is the first and most watched news service in South Africa. You can imagine that it came as a bit of a shocker to me to receive a message request in my Twitter DM's from one of their guest bookers, asking me if I'd like to come on and discuss these policy changes. So I decided to do it:

Back to Top ↑

2020

Is that you Hack South? Is this me?

What is Hack South? Many have asked, what is Hack South, why Hack South and where is this all going? This blog will try to lay out the foundation, the activity and the vision for Hack South, Home of the ubiquitous South. We will also highlight some things we are working on, highlight some roles, channels and activities.

0x03 - Getting started with Reverse Engineering

This post summarises the Meetup held on 1 December 2020. Agenda An introductory presentation on Software Reverse Engineering. A theory presentation will cover the types of outputs reverse engineers may investigate for CTFs and in practice. De-obfuscation, disassembly and decomplication will be discussed. We will look at the difference between static and dynamic analysis and how to use some of the common tools. The second half of the Meetup will feature two practical challenges: One guided, for attendees to follow along. The second one will be an exercise for attendees to try.

Announcing 0xcon 2020

0xcon 2020 is around the corner! We have some interesting local speakers sharing the hard work they have done over the year, and a privesc challenge that will be interesting to all of us. All of this will be done online due to COVID-19, but we are setting this up to maintain the collaborative nature of the event.

0x01 - First steps towards a foothold

This post summarises the Meetup held on 6 October 2020. Agenda An introductory session focussed on the first step when beginning on a new box: enumeration. A short presentation and a live demo will introduce on the theory and practice of initial enumeration and commonly used tools. Two Hack The Box 1-month VIP vouchers will be awarded to the top two contestants in a multiple-choice quiz! The second half of the Meetup will be dedicated to hacking together on the lab while sharing tips, tricks and advice.

0x00 - Starting from zero on Hack The Box

This post summarises the Meetup held on Tuesday 1 Sept 2020. Agenda An introductory session with the goal of getting everyone to pop a shell with EternalBlue. The backstory of WannaCry will be presented after a quick introduction. Then we will walk through the EternalBlue exploit and help everyone practice it in the HTB lab. Advanced attendees can skip forward to do other boxes on the private lab provided by HTB. The hosts will focus on walking new people through getting registered, set up, connected, and popping that 1st shell.

How To Access Our Dedicated Meetup Lab

This post shows how to access our dedicated lab during Hack The Box Meetups. Instead of playing on public instances, Hack The Box provides us a private lab environment for our Meetups. A mix of active and retired machines will be available without noise or interruption from other HTB players beyond our group.

Announcing the Hack The Box Meetup

We are excited to announce the first official Hack The Box Meetup in South Africa. All meetings will be online due to Covid-19. Our first meeting will be on Tuesday 1 September, followed by monthly meetings on the first Tuesday of every month. Hack The Box is an online platform to test and advance your skills in penetration testing and cyber security. Join and RSVP for the meeting now!

Back to Top ↑