About b0yd

This author has not yet filled in any details.
So far b0yd has created 28 blog entries.

HTTP screenshots with Nmap, Chrome, and Selenium

Several months back I tweeted out a gist of a simple website screenshot Python script I wrote as an attempt to fill a gap in tooling that I couldn't seem to find anywhere. The options I was presented with were either too complex, inconsistent, or outdated. [...]

June 11th, 2019 | PENTESTING, SECURIFERA | 3 Comments

BMC Patrol Agent – Domain User to Domain Admin

**Important - thanks to a nice cease and desist letter from BMC, I am obliged to explicitly state that Securifera is in no way affiliated, sponsored, or endorsed with/by BMC. All graphics produced are in no way associated with BMC or its products and were created solely for this blog post. All uses of [...]

December 17th, 2018 | PENTESTING | 1 Comment

Metasploit Community CTF 2018 Writeup

Last weekend I participated in the 2018 Metasploit Community CTF. It was a nice break from the Jeopardy style, exploitation heavy CTFs I tend to play in. The setup included two vulnerable VMs, 1 Windows, 1 Linux (with a bunch of dockers), and one Kali attack VM. This was the first Metasploit CTF [...]

December 10th, 2018 | CTF | 0 Comments

AMD Gaming Evolved (Raptr – Plays.tv) Remote File Execution

Background: For anyone running an AMD GPU from a few years back, you've probably come across a piece of software installed on your computer from Raptr, Inc. If you don't remember installing it, it's because for several years it was installed silently alongside your AMD drivers. The software was marketed to the gaming [...]

April 15th, 2018 | EXPLOITS | 0 Comments

Flare-On 4 Challenge 11 Writeup

For the last several weeks, I've been working through this year's Flare-On competition put on by FireEye. There was a broad range of challenges across various technologies with varying degrees of difficulty. I got to try out a few new tools and really enjoyed working through [...]

October 16th, 2017 | CTF | 0 Comments

DEFCON CTF 2017 – Divided Writeup

DIVIDED: A little over a month ago, LegitBS held the qualifier for this year's DEF CON CTF. As the competition was nearing a close, the organizers released an atypical pwnable challenge, a Windows binary. There are only a handful of CTFs that tend to release Windows exploitation challenges and there is minimal [...]

June 18th, 2017 | CTF, EXPLOITS | 0 Comments

A Less Dirty Cow

BACKGROUND: I recently came across several RHEL 6.x systems during a penetration test our team was performing for a customer. We had gained user level access on these machines and began enumerating privilege escalation possibilities. Given the somewhat recent discovery of the Dirty Cow vulnerability and what appears to be a manual patching [...]

January 28th, 2017 | EXPLOITS, PENTESTING | 1 Comment

Smart Phishing – Defeating Email Sandboxes

I decided to mix things up a little bit and do a blog post on something a little different than the usual vulnerability research or CTF write-ups. The bulk of our day job is focused on performing long term external assessments on customer networks, so I thought it might be useful to [...]

September 26th, 2016 | PENTESTING | 0 Comments

Time To Patch: RCE on Meinberg NTP Time Server

During a recent vulnerability assessment for a customer, I ran across an interesting web server while enumerating network enabled devices. Navigating to the web server presented the management interface for a Meinberg NTP Time Server. This particular hardware appliance was used to provide an accurate time source for time-sensitive applications and hardware components while [...]

July 17th, 2016 | EXPLOITS | 0 Comments