Summary OwlGuard is a platform designed to give security teams a better way to manage SIEM rules. This tool aims to onboard clients efficiently, simply by reusing already developed rules and a simple connection to their SIEM. For now, only Splunk is supported; if the project gets interest, other SIEMs will be added to the support list.
Language used When I’m doing a project, I’m not only doing it to develop something that will be helpful for me or others but also to learn new things.
Huntress Writeup Each challenge successfully solved will be explained here. The solution will not only be put in writing; the way of thinking and the failed tries will also be described.
Unfortunately, it took too long to write it (I didn’t take notes …) so I wasn’t able to redo all the challenges before the server shutdown.
Read The Rules This challenge is pretty straightforward. Read the rules using the view-source utility and you will find a commented HTML line with the flag.
Summary As I love both sides of cybersecurity and as my job is blue team oriented, I’m doing the red-teaming side in my personal life.
In that context, you may understand that I don’t have a lot of time to perform the enumeration and reconnaissance of the target.
Fortunately, this phase is highly automatable, and that’s what this post is about. I’ve developed a recon script for bug bounty hunters that fits my needs (actually, I’ll be the principal user), named Bountease.
Summary Adversaries leverage their access to assets using initial access tools (custom or not). These tools are mainly used to get a remote session on the asset.
This remote access is known as Command and Control (C2) and can be implemented through many protocols and many techniques. This channel allows adversaries to perform lateral movement, internal discovery, exfiltration and much more.
Wanting to hunt for C2 in company and home networks, I’ve focused my effort on C2 over HTTP.