b13bs

tl;dr Vidéotron ISP blocks incoming connections on TCP ports 25, 54, 80, 135, 137, 138, 139, 445, 646, 711, 1080 and 4444. For some time, I wanted to host my own web server from my home network. It was not intended for my main website since I want to mess with my home server. As […]

This blog post will be in French since this malware mitigation is intended for a specific group of people. Following the infection of my mother's Facebook account, I wanted to write a short guide to help with cleaning up this virus. Note two things. First, it is likely that your infection is not the […]

I attended the physical CTF NorthSec with my team 0-bae. NorthSec is held in Montréal every year and I have not missed it once since its beginning 5 years ago. It is even more special for me because its first edition was the first CTF that I ever attended. And it got me hooked. Four years […]

I attended the online CTF CSAW with my university team PolyHack. The challenge’s portal did not give much information, most importantly that it was a Web challenge. Let’s dig in. We are presented with a standard website with a few pages. Seeing the URL and the GET parameter “page”, I tested for LFI. For this classic payload, […]

For a few months, I noticed one website that I could not reach from my home network. I made sure that the destination hosts were up and they were. I was able to query them with a SOCKS proxy, and I tried with different clients from my home and every one of them had the same behaviour: the HTTP request timed […]

For my research project, I need to set up a Network Intrusion Detection System, or NIDS, on a lab network. Being on the attacker side for a few years, I heard a lot about Snort as the industry leader for open source rule-based NIDS so I chose it. I followed a great guide about its configuration but I encountered […]

I bought a Nexus 5 on a 2-year contract with Vidéotron in June 2014. Except for weird signal losses, I liked the phone. This phone being in the Nexus series, the manufacturer doesn’t try to prevent you from rooting it and it doesn’t install countless bloatware apps. I had no major problem with it until November 2015. At this […]

I participated in the CSAW quals 2015 CTF with the team PolyHack in September. The challenge Forensics 200 didn’t provide any description. We were only handed a zip file named airport_26321e6eac7a7490e527cbe27ceb68c1.zip. It was a standard zip file that did not contain anything other than the challenge. After unzipping it, we have two directories named for_release […]

I am in the process of setting up a Prelude SIEM environment. Although Prelude already has a few good tutorials that take you through the process of installing the various Prelude components, I lost quite some time on a technicality that I didn’t find documented, especially for this case. Since I followed different tutorials and none of […]

This challenge was the second challenge in the category Misc, which is a category mostly about trivia questions or programming skills. We were provided with a URL named “Flag is Here!” which pointed to a text file. The text file (~700 KB) consists of thousands of triplets of values between 0 and 255. By knowing […]
