Using LLDP to deliver XSS payloads to Zyxel GS1900

Earlier this year I took a closer look again at the Zyxel GS1900-8 switch. Last time I mainly looked at the firmware itself; this time I took a closer look at a different vector to test this device. Link Layer Discovery Protocol (LLDP): Based on an educated guess I started poking around the LLDP pages on the web interface. LLDP is a layer 2 network protocol described in IEEE 802.

Holiday Hack Challenge 2020 – KringleCon 3

Right before the end of 2020 I completed the Holiday Hack Challenge 2020. Though it’s obviously not the first time this conference took place, it was the first time I participated. Below is my write-up of the primary objectives along with a selection of side-challenges. Objectives: Uncover Santa’s Gift List; Investigate S3 Bucket; Point-of-Sale Password Recovery; Operate the Santavator; Open HID Lock; Splunk Challenge; Solve the Sleigh’s CAN-D-BUS; Broken Tag Generator; ARP Shenanigans; Defeat Fingerprint Sensor; Naughty/Nice List with Blockchain Investigation (part 1, part 2). Challenges:

Angr 9 SimFile without SimSymbolicMemory

Whilst working on angr_ctf in order to properly dive into Angr, there was one exercise which required the use of a symbolic filesystem with SimFile backed by symbolic memory. This challenge requires a particular input to be present in the input file, which acts as the password. The filename can be quickly looked up in the binary; the contents, however, will be made symbolic so we can solve for them.

Brixel CTF 2020 write up

This year I participated in the Brixel CTF winter edition along with another player from the Darknet Diaries Discord community. Despite some stability issues on the server side this CTF had some fun puzzles, although some more challenging puzzles would be appreciated for a future installment. Below is my write-up of a few of them – I ended up solving a few more but I didn’t keep any notes on them.

Creating a minimal RISC-V learning environment

It was while watching Bryan Cantrill’s presentation “The Soul of a New Machine” that my interest in RISC-V was piqued. I vaguely remember looking at RISC-V a while ago, but at the time hardware wasn’t readily available unless you had an FPGA to run it on. Nowadays there’s ample choice of both 32-bit and 64-bit hardware to buy. No RISC, no fun: First off, a very brief introduction to RISC-V and the different extensions which are available.