Write-up: Hack The Box – Rope Two

The machine Rope2 by r4j is probably (one of) the hardest boxes on HackTheBox.eu with only 104 system owns after 202 days. The theme of the box is more or less “research”, since it requires (gaining) knowledge in many different fields: Browser Exploitation, esoteric Heap Feng-Shui, and finally Linux Kernel Exploitation. For me, all 3 fields were pretty new and thus I had a lot to learn (over the course of almost exactly 3 months).


Customizing Desinfec’t (and other Linux Live disks)

Desinfec’t, formerly known as Knoppicillin, is a Ubuntu-based Linux distribution that was created by the c’t Magazine for Computer Technology. It contains several anti-virus engines (currently ESET, F-Secure, Kaspersky and Sophos), as well as several tools for recovering systems from malware incidents.


Investigating: CVE-2019-19781 on Citrix NetScaler appliances

We got quite a few cases related to CVE-2019-19781 during the past few weeks.

However, most of the NetScaler VM images we got were acquired after the appliances had been shut down, so we had no RAM image data. Unfortunately, this also implies the loss of the root file system /, as it turned out that the root partition was mounted as a RAM disk.


Write-up: Hackvent 2019

Like in the past few years, the HackingLab team provided the white-hat hacking competition Hackvent in the form of an advent calendar. From December 1st to 24th, a new challenge was released each day that had to be solved in time to score full points. As in previous years, the challenges were contributed by various community members.


Write-up: Flare-On 6

From August 16 to September 27, FireEye’s FLARE team ran the Flare-On challenge for the 6th straight year (see the announcement here). This CTF-style challenge comprises 12 reverse-engineering tasks for different architectures. As in past years, it was a great event with so many new things learned.
TL;DR: I started a tad bit late, but managed to solve 11 out of those 12 challenges (after solving “vv_max”, I had 4 hours left to break the last challenge – a malicious Windows driver – which was way too little time 😉).


Writeup: KringleCon 2018

The annual Holiday Hack Challenge by SANS and the Counterhack team takes place during Christmas time and is always entertaining and great for learning a new trick (or two). This year, the challenge was organized as an online conference, called KringleCon: https://holidayhackchallenge.com/2018/ with great talks and a well thought-out story.


BurpSuite – Update HTTP Header in Session Handling Rules


First, this post will not cover the basics of recoding macros or use of the session handling rules in BurpSuite. There are a lot of basic stuff to be found in the internet [1][2]. However, by default, Burp is unable to update or modify an http request HTTP header by using session handling rules and macros. This can cause in problems if you investigate REST APIs or applications which protects requests with one-time CSRF tokens. Further, the Portswigger community blog is not very useful to address this problem [4][5]. Continue reading “BurpSuite – Update HTTP Header in Session Handling Rules”

Wammer – WiFi jamming made easy

For years, the IEEE 802.11 WiFi protocol has had a well-known design flaw that allows attackers to disconnect clients from the WiFi access point they are connected to.

All an attacker has to do is send “deauthentication frames” to the WiFi access point. Because the IEEE 802.11 WiFi standard doesn’t require encryption for such frames, an attacker is able to perform the attack even though he isn’t connected to that access point.