ComSec

Content on this website will teach hacking; you are responsible for ensuring that it is used ethically and that all laws are followed.

Getting setup for ComSec

Most ComSec sessions are practical, so you’ll need a system you’re happy to hack on. We will run workshops in the labs as much as possible, so those machines will be available. If you’re a more experienced hacker, you no doubt have your own environment. However, if you’re still getting into the area, you may want a low-effort environment to start with. ComSec has built some tools to help with this.

Writeup: Hack The Box Cyber Apocalypse 2023 - The Cursed Mission

The HackTheBox Cyber Apocalypse has become a staple annual event of the ComSec CTF calendar, though this year a couple of changes were introduced - such as the maximum team size and average difficulty of the challenges. This post contains some challenges
Contents: rev: Alien Saboteur; Understanding the VM; Reversing the VM Program; Getting the First Password; Unravelling more Code; Finding the Flag; pwn: Control Room; Static Analysis; Configure Engine; Exploitation
rev: Alien Saboteur
Solved by Ben R, this was rated a medium difficulty challenge, and his personal favourite challenge in the CTF.

DownUnder CTF 2022

DownUnder CTF was a 48-hour CTF that began on Friday 23rd September 2022. It was the first CTF of the year that ComSec played, and we had quite a few new members playing this one, so it was a great chance for them to practice their skills. This article contains writeups across a range of difficulties and categories, so this should be a good place for new members to see what a jeopardy-style CTF looks like.

Log and PATH Poisoning

In this session we talked about log files, the PATH variable and how an attacker could exploit them. Briefly, the PATH is a system variable unique to UNIX systems which defines the hierarchy that the CPU uses to find executable binaries. If someone were to prepend or append a valid directory to the PATH, then the CPU would consider it as a valid location to find binaries in. Similarly, log files can be used as a vector for code execution if the permissions were to be misconfigured.

SQL Injection

Further on today, we will be using THM. If you haven’t registered, go to tryhackme.com. Ensure you have the VPN file or AttackBox ready.
SQL
Structured Query Language (SQL) is used to communicate with databases and has the capability to delete, edit, insert or retrieve data. There are a few variations of SQL which have some slight syntactical differences. A few examples are MySQL, SQL Server and SQLite.

Twelvetide CTF

Hi everyone, hope you’re all enjoying yourselves now that coursework deadlines have passed. As Christmas approaches, ComSec would like to announce the dates of our Christmas CTF - Twelvetide. The CTF will last 15 days, with new challenges released every day for the first 12 days. Difficulty will range from entry-level to intermediate, so make sure you sign on and give it a go! More details will be released on the ComSec Discord in the coming days.