The team is composed of 0xBlank, Pezzz and Steels, check the About us section for more informations. On this website you will find articles about :
- Our path to pentest/red-team certifications
- HackTheBox and CTF writeup
- Presentation of homemade tools
- Miscellaneous articles
Check out Flop.py Book a central repository of techniques, methodologies, and tools in several categories including Pentest, DFIR, OSINT & more !
Latest articles:
Contexte Le projet initial de floppy (Juillet 2022), en plus de participer aux CTF, Ă©tait de pouvoir s’entraider et se motiver Ă passer l’OSCP. Nous avions pour ce faire, dĂ©fini une liste de box HackTheBox Ă faire avant de prĂ©tendre passer l’OSCP.
Entre temps, nous avons dĂ©cidĂ© de faire le prolab Dante sur HackTheBox avec Pezzz et 0xblank. Pendant que nous passions ce dernier, une offre pour le blackfriday est apparue sur le site de ZeroPointSecurity, permettant d’obtenir la CRTO Ă -20%.
Recon Nmap scan
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 └─$ nmap 10.10.11.187 -A -Pn -p- -T4 Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-14 00:09 CET Nmap scan report for 10.10.11.187 Host is up (0.023s latency). Not shown: 65516 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Apache httpd 2.
Nous avons eu l’occasion de participer au Midnight Flag CTF qui s’est dĂ©roulĂ© dans la nuit du 15 au 16 avril.
Ce write-up abordera le challenge Basic Go Rev proposé par Stinky.
Le fichier Une fois que nous avons tĂ©lĂ©chargĂ© et dĂ©compressĂ© l’archive zip nous obtenons un fichier nommĂ© main :
1 2 $ file main main: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=Dr3jOcC2drZkbVJK9eeY/aYcRCkAGnayJomBFlmZ9/7DOepaXw66VTewiqSf2c/WR20PqZ8xUmvXwS3-IeR, not stripped Analyse statique Etant donnĂ© que mes compĂ©tences en reverse sont proches du nĂ©ant, je fais ce que je sais faire de mieux, c’est Ă dire un bon gros string sur le binaire :
Introduction Welcome to our new HackTheBox write-up! In this article, we will guide you through the steps we took to successfully compromise the targeted machine.
BroScience is an Medium Linux machine.
External Recon Let’s do some recon !
Nmap scan
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 └─$ nmap 10.10.11.195 -T4 -A -p- -Pn PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.
Introduction In this article, we’ll explain to you how to write your own plugin to extand and automate the OSINT process.
By following this guide, developer’s plugins will be automatically added to the OPSE core.
This article is part of a three-part series on the OPSE project. In this series of articles we will present different part of the project:
Presentation of the tool w/ installation, usage and an example; A technical presentation of the tool, how it is thinked and coded; A guide to develop your own OPSE plugin !
Introduction In this article, we’ll explain OPSE, a tool that we developed during our school project to automate the OSINT process.
This article is part of a three-part series on the OPSE project. In this series of articles we will present different part of the project:
Presentation of the tool w/ installation, usage and an example; A technical presentation of the tool, how it is thinked and coded; A guide to develop your own OPSE plugin !