The team is composed of 0xBlank, Pezzz and Steels, check the About us section for more informations. On this website you will find articles about :

Our path to pentest/red-team certifications
HackTheBox and CTF writeup
Presentation of homemade tools
Miscellaneous articles

Check out Flop.py Book a central repository of techniques, methodologies, and tools in several categories including Pentest, DFIR, OSINT & more !

Latest articles:

🎓 RETEX Certification RTO (Certified Red Team Operator)

Steels published on 2023-05-15 included in Certifications

Contexte Le projet initial de floppy (Juillet 2022), en plus de participer aux CTF, était de pouvoir s’entraider et se motiver à passer l’OSCP. Nous avions pour ce faire, défini une liste de box HackTheBox à faire avant de prétendre passer l’OSCP. Entre temps, nous avons décidé de faire le prolab Dante sur HackTheBox avec Pezzz et 0xblank. Pendant que nous passions ce dernier, une offre pour le blackfriday est apparue sur le site de ZeroPointSecurity, permettant d’obtenir la CRTO à -20%.

🕵️ HTB-Writeup : FLIGHT

Pezzz published on 2023-05-09 included in HackTheBox

Recon Nmap scan 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 └─$ nmap 10.10.11.187 -A -Pn -p- -T4 Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-14 00:09 CET Nmap scan report for 10.10.11.187 Host is up (0.023s latency). Not shown: 65516 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Apache httpd 2.

/chall-writeup-midnightctf-basicgorev/featured-image.png

🕵️ Midnight Flag CTF : Basic Go Rev

Steels published on 2023-04-16 included in CTF-Challenge

Nous avons eu l’occasion de participer au Midnight Flag CTF qui s’est déroulé dans la nuit du 15 au 16 avril. Ce write-up abordera le challenge Basic Go Rev proposé par Stinky. Le fichier Une fois que nous avons téléchargé et décompressé l’archive zip nous obtenons un fichier nommé main : 1 2 $ file main main: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=Dr3jOcC2drZkbVJK9eeY/aYcRCkAGnayJomBFlmZ9/7DOepaXw66VTewiqSf2c/WR20PqZ8xUmvXwS3-IeR, not stripped Analyse statique Etant donné que mes compétences en reverse sont proches du néant, je fais ce que je sais faire de mieux, c’est à dire un bon gros string sur le binaire :

🕵️ HTB-Writeup : BROSCIENCE

Pezzz published on 2023-04-15 included in HackTheBox

Introduction Welcome to our new HackTheBox write-up! In this article, we will guide you through the steps we took to successfully compromise the targeted machine. BroScience is an Medium Linux machine. External Recon Let’s do some recon ! Nmap scan 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 └─$ nmap 10.10.11.195 -T4 -A -p- -Pn PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.

🛠️ OPSE Part 3: Create your own plugin

Pezzz, Anom & Unknowns published on 2023-02-25 included in Projects

Introduction In this article, we’ll explain to you how to write your own plugin to extand and automate the OSINT process. By following this guide, developer’s plugins will be automatically added to the OPSE core. This article is part of a three-part series on the OPSE project. In this series of articles we will present different part of the project: Presentation of the tool w/ installation, usage and an example; A technical presentation of the tool, how it is thinked and coded; A guide to develop your own OPSE plugin !

🛠️ OPSE Part 2: Developing an OSINT framework in Python

Pezzz, Anom & Unknowns published on 2023-02-15 included in Projects

Introduction In this article, we’ll explain OPSE, a tool that we developed during our school project to automate the OSINT process. This article is part of a three-part series on the OPSE project. In this series of articles we will present different part of the project: Presentation of the tool w/ installation, usage and an example; A technical presentation of the tool, how it is thinked and coded; A guide to develop your own OPSE plugin !