Introducing ERLPopper.py

Introduction I created a new tool! Well… I re-wrote an existing tool. And it’s slower than the originals.1 And now that it’s (mostly) done, I’m not sure that it actually adds anything of value. Except that it works, and I now understand the Erlang Distribution Protocol, and why the other... [Read More]

Remote Debugging Node.js with VS Code

Introduction While working on a CTF-style challenge recently I was introduced to Node.js. Now I have dealt with it before, and have done my share of web development using JavaScript so I’m not stranger to its intricacies, but this was the first time I’ve dealt with it server-side. This challenge,... [Read More]

LLMNR/mDNS/NBNS Spoofing, pt. 2

Continued I wanted to perform the same attack using Inveigh coming from a Windows system. See the previous post for a bit of backstory and details on the setup. In this scenario we’re using the Server 2012 box (10.0.0.107) as the SMB server (where we’ll deploy Inveigh) and a Windows... [Read More]

LLMNR/mDNS/NBNS Spoofing, pt. 1

Introduction Recently I participated in a CTF against some Linux and Windows systems. I scored maximum points but one of the systems had unsettled me and, after the fact, I had discovered I didn’t use the intended route to gain access. Now while root is NT AUTHORITY\SYSTEM is root, I... [Read More]

PowerShell, Winforms, and Events

At work I’ve been writing a script to automate some testing, but it needed a GUI component. Since the project is in PowerShell winforms seemed like the logical choice. I ran into a situation where I needed to click a button to spawn an open file dialog, then get the... [Read More]