Home
Quantumly Confused
Cancel

HVAC and InfoSec - What a Pair!

HVAC and InfoSec - What a Pair!

HVACs, InfoSec, recruitment practices - what do these topics have in common? As we shall see surprisingly alot! Follow along with me as I walk through a troubleshoot of my HVAC system that had me pause and realize just how much crossover between my day-to-day work and everyday life.

Trench Talk - An Infosec Ops Team Series

Trench Talk - An Infosec Ops Team Series

Kick off to a new post series covering 'the narrative' of the last decade of being in an Infosec Operations team. This post will introduce the topics to be covered and give an introduction to the overall reason for doing this - sharing my hard earned knowledge and hopefully inspiring future generations that follow similar paths.

NSEC 2021 - Badgelife - Firmware RE

NSEC 2021 - Badgelife - Firmware RE

Walkthrough of NSEC 2021's hardware badge 10th and final flag. Unlike the first nine, this flag was captured by dumping the badge firmware, reverse engineering the the firmware to understand the memory storage structure, manually modifying the ESP32 chip's NVS partition, and then finally reflashing the modified firmware back on to the badge.

NSEC 2021 - Badgelife - Main Flags

NSEC 2021 - Badgelife - Main Flags

Walkthrough of the first 9 badge flags for NSEC 2021's hardware badge challenge. The writeup will go through the various in-game solutions as well as the more esoteric ways the flags were discovered. Additionally this will have a first introduction to the ESP32 architecture that while useful in these flag captures was essentially an introduction for the 10th and final flag which required reverse engineering the badge's firmware.

NSEC 2021 - Choir of Infinite Verses

NSEC 2021 - Choir of Infinite Verses

Walkthrough and approach of NSEC2021's the Choir of Infinite Verses challenge. By leveraging an insecure nonce reuse we are able to leverage RC4 Keystream reuse and craft our own modified cookie values.

NSEC 2021 - Knight's Siege Arsenal Monitoring Hub

NSEC 2021 - Knight's Siege Arsenal Monitoring Hub

Walkthrough and approach of the Knight's Siege Arsenal track of NSEC2021. An infrastructure based tracked that focused around ossec, a host intrusion detection system, we were tasked by the Knight Defender of North Sectoria to help test the castle's defences and report any weaknesses.