Incident Response: Ransomware Detection and Containment

Overview
This post outlines a rapid incident response flow for suspected ransomware activity in Windows and Linux environments.

Detection
- Monitor for unusual file I/O spikes
- Alert on renamed files with random extensions
- Identify process anomalies (PowerShell/WMIC running in unusual contexts)

Containment
- Disconnect infected hosts from the network
- Isolate remote share mounts
- Preserve memory and disk images for forensic analysis

Remediation
- Restore from verified backups
- Rotate credentials for compromised accounts
- Harden EDR/AV rules and patch related CVEs

Lessons
- Early detection prevents full domain compromise
- Playbooks plus automation are critical for scale
- Keep tabletop exercises current with the latest threat patterns

March 21, 2026 · 1 min

CTF Web Exploitation Writeup

Challenge: headless-web
This writeup covers exploitation of a vulnerable web application deployed as a CTF challenge. The test setup included:
- insecure file upload
- weak session management
- arbitrary command injection

1. Recon
Start by exploring endpoints and validating behavior under authenticated and unauthenticated sessions.

2. Exploitation
Found an insecure file upload endpoint, /upload, without MIME type or extension filtering. Uploaded a PHP webshell and gained remote command execution.

3. Fix
- validate file types and extensions strictly
- enforce strong session cookie attributes (HttpOnly, Secure)
- apply Web Application Firewall rules for command injection

Post-mortem
This demonstrates how configuration issues in common web stacks can lead to path traversal and RCE.

March 21, 2026 · 1 min

My Second Post

Hello everyone h1 hbfeinverovne h1

March 20, 2026 · 1 min

My First Post

HELLO EVERYONE

March 19, 2026 · 1 min