Logger in Go

Recently, while tinkering with Go, I needed to write JSON logs to disk for ingestion into a SIEM tool. After researching that use case a little, I found two really cool libraries: Zap, written by folks at Uber (read more at https://github.com/uber-go/zap), and Lumberjack, which handles log rotation. Building […]
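As an added example (not code from the post, and not Zap or Lumberjack themselves), the program below does the same job with only Go's standard library: one JSON object per line, so a forwarder can parse each line on its own, plus size-based rotation with a bounded number of old copies. The type and file names are this example's own assumptions; in production Zap would do the encoding and Lumberjack the rotation, but the mechanics are the same.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"sync"
	"time"
)

// RotatingJSONLogger writes one JSON object per line and rotates the file before a write
// would push it past maxBytes, keeping `keep` (>= 1) old copies; app.log.1 is the newest.
// A stdlib stand-in for zap + lumberjack, not the post's own code.
type RotatingJSONLogger struct {
	mu       sync.Mutex
	path     string
	maxBytes int64
	keep     int
	f        *os.File
	size     int64
}

func NewRotatingJSONLogger(path string, maxBytes int64, keep int) (*RotatingJSONLogger, error) {
	l := &RotatingJSONLogger{path: path, maxBytes: maxBytes, keep: keep}
	if err := l.open(); err != nil {
		return nil, err
	}
	return l, nil
}

// open appends to an existing file (a restart must not clobber it) and records its size.
func (l *RotatingJSONLogger) open() error {
	f, err := os.OpenFile(l.path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600)
	if err != nil {
		return err
	}
	st, err := f.Stat()
	if err != nil {
		f.Close()
		return err
	}
	l.f, l.size = f, st.Size()
	return nil
}

// rotate shifts app.log.N to app.log.N+1 (the oldest copy falls off the end), moves the
// live file to app.log.1 and reopens a fresh live file. The caller holds l.mu.
func (l *RotatingJSONLogger) rotate() error {
	if err := l.f.Close(); err != nil {
		return err
	}
	for i := l.keep - 1; i >= 1; i-- { // rename errors are ignored: the slot may not exist yet
		os.Rename(fmt.Sprintf("%s.%d", l.path, i), fmt.Sprintf("%s.%d", l.path, i+1))
	}
	if err := os.Rename(l.path, l.path+".1"); err != nil {
		return err
	}
	return l.open()
}

// Log emits one event. Caller fields are copied first so the reserved ts/level/msg keys
// always win; json.Marshal sorts map keys, so the line layout is deterministic.
func (l *RotatingJSONLogger) Log(level, msg string, fields map[string]interface{}) error {
	event := make(map[string]interface{}, len(fields)+3)
	for k, v := range fields {
		event[k] = v
	}
	event["ts"] = time.Now().UTC().Format(time.RFC3339Nano)
	event["level"] = level
	event["msg"] = msg
	line, err := json.Marshal(event)
	if err != nil {
		return err
	}
	line = append(line, '\n')
	l.mu.Lock()
	defer l.mu.Unlock()
	if l.size > 0 && l.size+int64(len(line)) > l.maxBytes {
		if err := l.rotate(); err != nil {
			return err
		}
	}
	n, err := l.f.Write(line)
	l.size += int64(n)
	return err
}

func (l *RotatingJSONLogger) Close() error { return l.f.Close() }

func main() {
	dir, _ := os.MkdirTemp("", "jsonlog")
	defer os.RemoveAll(dir)
	lg, err := NewRotatingJSONLogger(filepath.Join(dir, "app.log"), 256, 2)
	if err != nil {
		panic(err)
	}
	for i := 0; i < 8; i++ { // constructed sample events, roughly 110 bytes each
		lg.Log("info", "login", map[string]interface{}{"user": "alice", "src_ip": "10.0.0.5", "attempt": i})
	}
	lg.Close()
	names, _ := filepath.Glob(filepath.Join(dir, "app.log*"))
	fmt.Println(names) // the live file plus the two newest rotated copies
}
```

Two details matter for SIEM ingestion: every write is a complete line (no multi-line events), and rotation renames the closed file rather than truncating it, so a forwarder that tails by inode does not lose the end of the old file. Keep the file mode tight (0600 here); logs routinely carry usernames and source addresses.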

Dockerized Splunk Sandbox

I love to play around with Splunk and wanted a good tear-down-and-build-back kind of sandbox for app development. So I created a Dockerized Splunk sandbox and wanted to share it with the community. It's an extension of Splunk's Docker image with a couple of additions: a sample playground app placeholder which is mounted […]

Security Intel – A fun project powered by Django

As we are all being responsible and staying at home to combat Covid-19, I used this opportunity to code a fun little project. I named it Security Intel; it lets us plug in different apps to collect intelligence feeds. So far this app provides CVE searches using cve.circl.lu and a URL indicator feed using VirusTotal. Feel […]

Manual Error Based SQL Injection

Credit to the wonderful box “Redcross” on HTB, which exposed me to this form of attack, so let’s start. Now, we can always use automated tools like sqlmap, but that’s not ideal in every environment because of the brute-force checks it fires at the target; moreover, doing it manually gives a better idea and a better […]

CVE Lookup – Splunk App

I’m passionate about Security, Splunk and Python. I mixed all three and it led to my first Splunk App, which is now live on Splunkbase. Description: It is a Splunk App that pulls down CVE information from the National Vulnerability Database using its new JSON 1.0 feed. The app extracts CVE information, its impact, affected products, […]
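As an added example that is not the app's own code, the Go program below parses a constructed NVD JSON 1.0 document and flattens each entry into the fields the description lists (ID, description, impact, affected products). The feed, the CVE IDs and the vendor and product names are made up for the example; the key names follow the JSON 1.0 schema. One practitioner caveat: the NVD has since retired its legacy JSON data feeds in favour of the JSON 2.0 API, so an app written against this format has to be migrated.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// nvdFeed mirrors only the parts of the NVD JSON 1.0 schema this summary needs; all other
// keys are ignored. Untagged fields rely on encoding/json's case-insensitive name matching.
type nvdFeed struct {
	CVEItems []struct {
		CVE struct {
			Meta        struct{ ID string }                                                  `json:"CVE_data_meta"`
			Description struct{ Data []struct{ Lang, Value string } `json:"description_data"` }
		}
		Configurations struct{ Nodes []cpeNode }
		Impact         struct {
			V3 *struct{ CVSS struct{ BaseScore float64; BaseSeverity string } `json:"cvssV3"` } `json:"baseMetricV3"`
			V2 *struct{ CVSS struct{ BaseScore float64 } `json:"cvssV2"`; Severity string }      `json:"baseMetricV2"`
		}
		PublishedDate string
	} `json:"CVE_Items"`
}

// cpeNode is recursive: an AND node carries its operands in "children".
type cpeNode struct {
	Operator string
	CPEMatch []struct {
		Vulnerable bool
		CPE23URI   string `json:"cpe23Uri"`
	} `json:"cpe_match"`
	Children []cpeNode
}

// CVESummary is the flat record a Splunk lookup or KV store would hold per CVE.
type CVESummary struct {
	ID, Published, Summary string
	CVSS                   string // "v3", "v2", or "" when the entry has no metrics
	Score                  float64
	Severity               string
	Affected               []string // vulnerable cpe23Uri values, nested AND nodes included
}

// vulnerableCPEs collects vulnerable CPE URIs from a node and, recursively, its children.
func vulnerableCPEs(n cpeNode, out []string) []string {
	for _, m := range n.CPEMatch {
		if m.Vulnerable {
			out = append(out, m.CPE23URI)
		}
	}
	for _, c := range n.Children {
		out = vulnerableCPEs(c, out)
	}
	return out
}

// ParseNVDFeed flattens each CVE_Items entry: ID, English description, CVSS (v3 preferred,
// v2 as fallback because older entries were never rescored) and the vulnerable CPEs.
func ParseNVDFeed(data []byte) ([]CVESummary, error) {
	var feed nvdFeed
	if err := json.Unmarshal(data, &feed); err != nil {
		return nil, err
	}
	out := make([]CVESummary, 0, len(feed.CVEItems))
	for _, it := range feed.CVEItems {
		s := CVESummary{ID: it.CVE.Meta.ID, Published: it.PublishedDate}
		for _, d := range it.CVE.Description.Data {
			if d.Lang == "en" {
				s.Summary = d.Value
				break
			}
		}
		if v3 := it.Impact.V3; v3 != nil {
			s.CVSS, s.Score, s.Severity = "v3", v3.CVSS.BaseScore, v3.CVSS.BaseSeverity
		} else if v2 := it.Impact.V2; v2 != nil {
			s.CVSS, s.Score, s.Severity = "v2", v2.CVSS.BaseScore, v2.Severity
		}
		for _, n := range it.Configurations.Nodes {
			s.Affected = vulnerableCPEs(n, s.Affected)
		}
		out = append(out, s)
	}
	return out, nil
}

// sampleFeed is a constructed two-entry feed: the IDs, vendor and products are made up.
const sampleFeed = `{"CVE_data_type":"CVE","CVE_data_format":"MITRE","CVE_data_version":"4.0","CVE_data_numberOfCVEs":"2",
"CVE_data_timestamp":"2019-07-01T07:00Z","CVE_Items":[
{"cve":{"CVE_data_meta":{"ID":"CVE-2019-99990","ASSIGNER":"cve@mitre.org"},"description":{"description_data":[
   {"lang":"es","value":"Entrada de ejemplo."},{"lang":"en","value":"Constructed sample entry, not a real vulnerability."}]}},
 "configurations":{"CVE_data_version":"4.0","nodes":[
   {"operator":"OR","cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:examplevendor:exampleapp:1.0:*:*:*:*:*:*:*"}]},
   {"operator":"AND","children":[
     {"operator":"OR","cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:examplevendor:exampleplugin:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3"}]},
     {"operator":"OR","cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:examplevendor:exampleos:-:*:*:*:*:*:*:*"}]}]}]},
 "impact":{"baseMetricV3":{"cvssV3":{"version":"3.0","baseScore":9.8,"baseSeverity":"CRITICAL"}},
           "baseMetricV2":{"cvssV2":{"version":"2.0","baseScore":7.5},"severity":"HIGH"}},
 "publishedDate":"2019-06-30T14:15Z","lastModifiedDate":"2019-07-01T06:00Z"},
{"cve":{"CVE_data_meta":{"ID":"CVE-2019-99991","ASSIGNER":"cve@mitre.org"},
  "description":{"description_data":[{"lang":"en","value":"Second constructed entry, CVSS v2 metrics only."}]}},
 "configurations":{"CVE_data_version":"4.0","nodes":[]},
 "impact":{"baseMetricV2":{"cvssV2":{"version":"2.0","baseScore":5.0},"severity":"MEDIUM"}},
 "publishedDate":"2019-06-30T14:15Z","lastModifiedDate":"2019-06-30T14:15Z"}]}`

func main() {
	items, err := ParseNVDFeed([]byte(sampleFeed))
	if err != nil {
		panic(err)
	}
	for _, s := range items {
		fmt.Printf("%s %s %.1f %s affected=%v\n", s.ID, s.CVSS, s.Score, s.Severity, s.Affected)
	}
}
```

A cpe_match entry can carry a version range (versionStartIncluding, versionEndExcluding and so on) instead of a concrete version in the URI, as the "exampleplugin" entry above does; this example keeps only the cpe23Uri, so a real lookup should carry those range fields through as well, or the affected-product match will be wrong.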

Splunk Modular Inputs

Splunk Enterprise 7.3 is here and it got me excited to play with it. Learn more here. While I was splunking around, I thought I should revisit a topic that I have never really had a chance to play with much: modular inputs. To better understand this feature, I thought of the following […]

SUID Binary Exploit – A Primer

SUID (Set owner User ID upon execution) is a special type of file permission given to a file. Normally in Linux/Unix, when a program runs, it inherits the access permissions of the user who launched it. SUID is defined as giving a user temporary permission to run a program/file with the permissions of the file […]
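The first step in any SUID primer is enumerating such files, usually with `find / -type f -perm -4000 2>/dev/null`. As an added example (not the post's own code), the Go program below does the same walk and also reports each file's owner UID, which is the whole point of the bit: an SUID file owned by UID 0 runs as root for whoever executes it. The type and function names are this example's own assumptions.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"syscall"
)

// SUIDFile is one regular file carrying the set-user-ID bit plus its owner's UID:
// whoever executes it runs with that UID, which is why UID 0 entries matter most.
type SUIDFile struct {
	Path string
	Mode fs.FileMode
	UID  uint32
}

// IsSetuid reports whether a mode has the SUID bit (the "s" in -rwsr-xr-x).
func IsSetuid(m fs.FileMode) bool { return m&fs.ModeSetuid != 0 }

// FindSUID walks root and returns every regular SUID file, the Go equivalent of
// `find root -type f -perm -4000`. Unreadable directories are skipped rather than fatal
// and symlinks are not followed, so an unprivileged user can run it over / as well.
func FindSUID(root string) ([]SUIDFile, error) {
	var found []SUIDFile
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			if d == nil { // the root itself could not be stat'ed
				return walkErr
			}
			if d.IsDir() {
				return fs.SkipDir
			}
			return nil
		}
		if !d.Type().IsRegular() {
			return nil
		}
		info, err := d.Info()
		if err != nil || !IsSetuid(info.Mode()) {
			return nil
		}
		var uid uint32
		if st, ok := info.Sys().(*syscall.Stat_t); ok { // Unix-only owner lookup
			uid = st.Uid
		}
		found = append(found, SUIDFile{Path: p, Mode: info.Mode(), UID: uid})
		return nil
	})
	return found, err
}

func main() {
	root := "/"
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	files, err := FindSUID(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "walk failed:", err)
	}
	for _, f := range files {
		fmt.Printf("%s uid=%d %s\n", f.Mode, f.UID, f.Path) // uid=0: runs as root
	}
}
```

Two caveats a practitioner adds to the raw list: the bit is ignored on filesystems mounted with nosuid, and the Linux kernel ignores it on interpreter scripts, so a setuid shell script is not a privilege boundary. The interesting findings are root-owned binaries that are not part of the distribution's default set; compare against a clean install before chasing anything.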

Hack The Box writeup – Chaos

Presenting Chaos, a nice machine which is a little CTF-ish but a lot of fun. As usual, we start with masscan. Port 80 is open, so let’s run gobuster to see what we can find. Interesting results: we do see /wp, which indicates the web server could be running WordPress. Browsing to /wp we can see a […]

Hack The Box Writeup – Conceal

It’s got SNMP enumeration, an IPsec tunnel, and it all ends with the Juicy Potato Windows exploit. Overall, a really fun box with a lot of learning opportunities. We start off by running masscan. I am beginning to like this approach for my initial recon: run it first, identify the ports and then run targeted nmap scans […]