Blog

This is the sixth and final part of the story of the smart card track at NSEC 2013. You can see the first five parts: part 1, part 2, part 3, part 4 and part 5. At the end of part 5, I had all [...]

This is the fifth part of the story of the smart card track at NSEC 2013. You can see the first four parts: part 1, part 2, part 3 and part 4. I had made good progress and I only needed one more [...]

This is the fourth part of the story of the smart card track at NSEC 2013. You can see the first three parts: part 1, part 2 and part 3. Now, I had 3 of the 5 unknown components required to [...]

After having to pay rounds because of the Rubber Ducky attack, I wanted a revenge ! Daniel participated in the hardening of our email server and apparently he put extra effort to prevent SMTP [...]

The Penetration Testing team at OKIOK developed a habit of trying to hack each other’s computer. It all started as a joke when an intern forgot to lock his Windows session before going to the [...]

This is the third part of the story of the smart card track at NSEC 2013. You can see the first two parts: part 1 and part 2. Now, I had found two flags and the next one was the Old encryption [...]

All pen testers use the Burp suite at some point, but few really exploit it to its full potential. One of the most extraordinary features of Burp is the ability to write your own custom handler. [...]

This is the second entry about the smart card track at NorthSec 2013, if you missed the first one, read it here. According to the track instructions, the second flag was the current PIN and they [...]

I want to post in this blog what I did at NorthSec 2013 which is a hacking competition that took place in Montreal in April 2013 (www.nsec.io). It is a 3 day event, so I’ll use multiple [...]

When performing penetration testing, sqlmap can be used to have a granular control of the various injection points during a SQL injection. For example, the HTTP Cookie header, the HTTP Referer [...]