2019-07-31 21:48:00
It's been three months since I last posted publicly. Don't worry, I'm still here :) I just have a lot of things going on.
- I have completed Mark Cooper's online, in-depth PKI training. Mark was nice enough to offer a steep discount for my beta-testing of the training. Dozens of remarks and feedback made their way back to the PKISolutions team.
- I'm currently taking the PenTester Academy "Attacking and Defending Active Directory" training. It's marvelous! Lots of in-depth information on how APTs would attack your AD environment, which builds on top of the small amount of experience I'd gotten through last year's DAMTA training.
- I joined a new client back in March, a large international financial institution, where I've joined a risk management team. I'll be performing internal pen-tests, I'll be helping teams improve their applications' security posture and I'm helping out with various audits.
- It looks like I'll also be developing a PKI/certificates training module for this client's elearning facilities. And I may even join their internal developer training programme as a teacher, helping devops teams code defensively.
In our private life lots of things are also going on, but I'll leave those for another time and place.
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.
2019-10-06 10:08:00
Posted by Tess
A Dutch summary I wrote at Tweakers:
The only challenge I could really make sense of was decrypting TLS traffic in Wireshark. I hadn't done that before, so it was a fun exercise. Initially I hoped that the private key had been chosen weakly enough to crack with RsaCtfTool, based on the certificate that was in the PCAP. That was a little exercise in itself, fun to investigate further! But alas, the key was strong.
A tip from one of the table coaches was to take a closer look at the Subject name. As it turns out, the name SuperFish had not been chosen as a joke, but was seriously a real entity whose private key had been leaked. See here. And you can find the story behind it here. It was adware in which mistakes had been made so that the private key could be recovered.
From that point on, it was a matter of loading the private key into Wireshark with the right config. A bit deeper into the capture you could then read the HTTP traffic and find the flag. Nice :D