The first in what hopefully becomes a series in which I rediscover how much fun hacking things and making them work can be!

Pete told me about a Pi project he’s just done and it sounded cool so I went out and bought a Pi of my own to try the same.

Of course I didn’t plan it beyond “buying a Pi” and so I sat excitedly looking at my new toy, slowly deflating as I realised I had neither power, nor keyboard at the ready to do anything with it.

This can’t be the end, right? Right!

There are 2 things I need to achieve (3 if you count finding a power cable, but that’s more of a Layer 8 issue that I’ll skip…

Here’s my write up of a solution to the Bulldog CTF VM by @frichette_n, and hosted on

First step is to see what’s listening on our host:

nmap -A -O
Nmap 7.60 ( ) at 2017-10-30 11:21 EDT
Nmap scan report for
Host is up (0.00037s latency).
Not shown: 997 closed ports
23/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 20:8b:fc:9e:d9:2e:28:22:6b:2e:0e:e3:72:c5:bb:52 (RSA)
| 256 cd:bd:45:d8:5c:e4:8c:b6:91:e5:39:a9:66:cb:d7:98 (ECDSA)
|_ 256 2f:ba:d5:e5:9f:a2:43:e5:3b:24:2c:10:c2:0a:da:66 (EdDSA)
80/tcp open http WSGIServer 0.1 (Python 2.7.12)
|_http-server-header: WSGIServer/0.1 Python/2.7.12
|_http-title: Bulldog Industries
8080/tcp filtered http-proxy
MAC Address: 08:00:27:16:1D:5F (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.8 …

This is just a quick post inspired by some comments that I’ve seen recently on Twitter following some mega-breaches.

The term ‘Identity Theft’ implies, and its usage accepts, that the person whose identity is being stolen is the victim. They’re almost always not.

You could pretend to be me all you like. But it won’t get you very far with the real people in my life: my wife won’t let you into the house after you’ve finished work; my clients won’t let you on-site to actually do any work; my children’s school won’t let you collect my children; my friends (probably) won’t play you at squash; my Mum won’t cook you a Sunday dinner. …

As we enter the breach era, the sheer scale of the Equifax breach almost fails to register for most people; hundreds of millions of people being impacted is unimaginable for us. But one number — which seemed to be swallowed up by the wider story — was that 44 million Brits are likely to be affected. Another enormous number for sure, but look at it this way: that’s about two-thirds of us.

The difficulty with the Equifax case, though, is that none of us actually chose to be a customer of theirs in the first place. They’ve got our data by virtue of deals with other organisations (which we technically did choose to accept when we diligently read through the terms and conditions when we applied for bank accounts, loans, mortgages, credit cards, etc.) …

I originally posted my first effort here, but conceded that I hadn’t managed to get root since I’d been caught up with a hash problem.

I’m not going to migrate the other article here; instead I’ll pick up where I left off.

My issue, as you might recall, was that I had some hashes, had some salts, and had a means of combining them into passwords, but I couldn’t figure out how I was supposed to go right-to-left in the hash function.

I decided to go around it instead, and brute-force an effort left-to-right.

Since I can’t get from the salted hash to the password, what I did was write a bash script to go from a wordlist to a series of hashes using the salts that I’ve been provided. …

I’ve reached an impasse with this one, so I’m writing up my current progress and walking away for a while. I will try to come back to this later, but I’m at a point where I can’t figure out how I could possibly move forward with the information that I have.

Maybe you can help in the comments?

edit: I figured it out :) — this is therefore Part I, and the link is Part II.

Anyway, onward. This is part of a few VMs I’m going to play with as part of my “limbering up” to start my OSCP in a couple of weeks. …

(was: ‘How to force manufacturers to take IoT security seriously?’)

This is just a brief thought which has popped into my head that I thought I’d share.

Ars Technica have an interesting article as context.

In short, there’s a BrickerBot going around bricking insecure IoT devices.

What I imagine BrickerBot looks like when it’s posing for a selfie. *swoon*

Basically, the problem with IoT security is that security costs money. People don’t understand security and therefore don’t want to pay for it, so IoT manufacturers have no incentive to make their devices secure (since it necessarily would make their product cost more than the competition — who aren’t securing either).

Without an economic incentive to secure it, it remains insecure. …

I’m warming up, stretches and leans, so that I can pull the trigger and start my OSCP, so an invite to play another VM from Pete was fortunate timing.

This time I’m battling Tr0ll2. I didn’t battle Tr0ll1, but presumably it’s going to include lots of annoying quirks which should make for a nice interesting challenge.

Standard disclaimer: this is a way of doing it, not necessarily the best way of doing it. …

DevOps is a new mindset for a business adopting it, and it’s one that is necessarily going to take some time to really get working. Since it’s new for everyone, concerns, questions, and objections are going to come from all parts of your business and IT teams.

With this framework, hopefully the questions from security have started to be answered and a path has started to be plotted out showing how the security function can not only accept the arrival of DevOps, but steer its arrival and actively benefit from it.

This diagram summarises the main areas we’ve…

I’ve seen some amazing things delivered via agile that could not possibly have been delivered in any other methodology. But it’s a wasteland. Here’s why.

Agile teaches developers that there are no rules, so long as they’re iterating on an idea and producing lots of “minimum viable product” drops along the way. Except viability isn’t being measured in 3 dimensions, it’s being measured purely in ostensible functionality. There’s no consideration for any direction or real capability. There’s no appreciation of any historical precedent or any future direction. …



Father, husband, security architect, Guardian.
