CPTC 2019 Report

Competing at the Collegiate Penetration Testing Competition was a great opportunity to experience realistic security work. UT placed second in the North East Regionals. I was responsible for working on the windows boxes. Finding an anonymous FTP server gave me access to windows back-ups. From these back-ups, I was able to extract ssh keys. The FTP server allowed the use of the PORT command, which allowed me to perform an FTP bounce attack. …

Posted on

Microcorruption

Micorruption is a series of reverse engineering challenges. In each stage you disable a lock by reverse engineering it. Here's how I approached each stage of the challenge. Johannesburg This stage is an extension of the Cusco stage. The overview states: - A firmware update rejects passwords which are too long. - This lock is attached the the LockIT Pro HSM-1. Since the password verification occurs on the hardware module, we have to find another way to exploit it. …

Posted on