Logger in Go

Recently, while tinkering with Go, there was a need to write JSON logs to disk for ingestion into a SIEM tool. So after researching a little bit around that use case, I found two really cool libraries: Zap – written by folks at Uber (read more at https://github.com/uber-go/zap); Lumberjack – it enables log rotation. Building […]

Dockerized Splunk Sandbox

I love to play around with Splunk and wanted a good tear-down-and-build-back kind of sandbox for app development. So I created a dockerized Splunk sandbox and wanted to share it with the community. It's an extension of Splunk's Docker image with a couple of additions: a sample playground app placeholder which is mounted […]

Security Intel – A fun project powered by Django

As we are all being responsible and staying at home to combat Covid-19, I used this opportunity to code a little fun project. I named it Security Intel, where we can plug in different apps to collect intelligence feeds. So far this app provides CVE searches using cve.circl.lu and a URL indicators feed using VirusTotal. Feel […]

Manual Error Based SQL Injection

Credit to the wonderful box “Redcross” in HTB that exposed me to this form of attack, so let’s start. Now, we can always use automated tools like sqlmap, but that’s not ideal in every environment because of brute-force checks on the target, and moreover, manual kinda gives a better idea and a better […]

SUID Binary Exploit – A Primer

SUID (Set owner User ID up on execution) is a special type of file permission given to a file. Normally in Linux/Unix, when a program runs, it inherits access permissions from the logged-in user. SUID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file […]